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(54) System and method for processing protected data 



(57) A secure appplicatlon module (SAM) receives 
a secure container in which content data encrypted with 
content key data, the encrypted content key data, and 
usage control policy (UCP) data designating a handling 



policy of the content data are stored, and determines at 
least one of the purchase mode and the usage mode of 
the content data based on the UCP data. The SAM 
serves as a slave for a host CPU, and is also provided 
with a common memory shared with the host CPU. 
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content data and to rS^f'''''^''^"^^ ^° '^-code me 
^yPe Of s.ch data proZZ ^T'^ ' ^ ^^^"^^'e- One 
e'ectron,cn,us/cd/str/buSn;^^^^^^^^ 's a conventional 
'ng mus/c data. ^^^^^ system for distnbut- 

£uO03J Pig . 

conventiona/ EMD system 7nnf "'"stratmg a 

content prov,de. 70?^ a,d 70 S ^''^ ^y^*-- "oo 
704a, 704b, and 704c anrt ^"'^'^P^ ^°ntent data 
705b, and 705c by u^na Te, ''''^'' '"^nnation 7o£ 

encrypted data to a ^"'^"'^n provide tht 

niay ,nc,ude serial copy ^^1°" 7°5b, and 705c 
•nformatlon, digital wate/^aS'"' "^"'^"^ ^SC/WS) 

sion key data. ' ''^ ^"'^ ^"^^^V t^e useof th/S- 

copgntln'or^l'^^;^^^^^^ then embeds the 

coded content data 704a ^Sf ' '^S'^ '"'o the de 
been received online or offSf ' ^"'^ "'''te'' have 
data 707a, 707b. and 707c "nVh° '° ''^"^'^ 'Content 
copynght infomiation 704a 704L ^= P^rt of the 

prov-der 7lo embeds the dioT, ' ^^^^ ^en^icj 
'ntothecontentdata'wa S?b^"L''^«^'^'n^onT,aTion 
predetem,ined frequenc^' domain^ ^"^"^'^S 
SCMS.nfomiationlntoneLnT^ ' ®'"be<is the 
-'•tt/ng the content ^i^^ZTvlT"^^ "^"^ 

°^^'704b,and704ctotheus- 

rO0067 Th« . 
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SSdlJ^^'Ja'^'^^^P^''^^'- also encrypte the 
data Kca, Kcb, and^^L' X'^^^ "'"^'^-^'-'^ey 
database 706. Subsequery'^^'""^'.^^^'^ ''^^ a key 
encnrpts a secure contarne?722 7t0 
CT^pted content data 707a 7S ^""^ en- 
session key data obtained after^ir"" "^'"9 
thentfcation, and sends thL P^'^onning mutual au 
722 to a conditional accl"~ ^"''^^^^"'■e 

container 

a termlna, device 709 of the us j ^^"^-'^ '» 

[0007J The CA module 711 hZ ^ 
tainer 722 by using the seL/o o ! '"^ ^«^"re con- 
u/e 711 also receivL the con ^'^^ mod- 

Kcx from the key databar7S ,'flf ^ Kcb. and 

710 by us.ng an accounting func^.V^^^a'^^^^^^^ 

' *>ucn as an e/ec- 
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key data and sends it to a rig^s t?^ """^ ^''^ «^«'on 
roanT'^'"'^ provider 7lo^ Processing module 720 
10U09J In this case tho 

processing on the iteml coJim^^^^^^ 7ii pe,fom,s the 

ad by the service provider 7, 0 "n or^ '^'^''^^^ P^o-^ 
'o be managed by the servk^e ^ " «l ''ams 
er-s contract (renewal) info^.^ '^^^^io, such as us- 

rrr;:c~^ 

caLT.''"' '"'"''''^ 'oifVo'lb ""^°"'""^^^°a:d 
""ot'l^P^f'tsaredistributedfror^'.h^"'' ^Olc. in this 
710 to the content providers 7n? '""^ ^arvlce provider 
an .ntemiedlan., for examo ! ' 701c vte 

f^'ghts Of Authors Sn^*^ ' ^^^'^apanese Societv 
RAC). •JASRAcio dSr'\^'"' Publishers (7as 
providers 701a, 70lb aTd ?"P'°"'«<'^'''eco^^^^^^^ 
f a artist, the composer ?he w^'° ^^^P^^S^t hoWe^ 
co-Pany Of the content ZZTr ''-^-'on 

-^cdecodrrt^cV^^ ^Or.. 707b. and 
Kcc, respectively, on a recoSno ^ and 
a random access menrZ^'^S.^'f^''''^ 723, such as 
709 perfomis copy contrZl" ^' *amiinai device 

He^rrts^^ 

copying (copy once) a "d^^H ^na-genera^n 
nght protection. ^""^ /nsutficient for copy? 

n-ei^^f^rro:^^^^^^^ 

act.on Of the service Tovidr^.n ^° '"on'to the 
ab'e to freev handle CuToZr^t''''^ ^^^'^"-a"y 
the profit Of the content p"ov!de^7of ''''"'^"^ ^ata. and 
' axplor^" and 701c 

709..such as authoring rcon em^r"^ ''"^"'-> '--^ol 
the service provider 7T0 andTw '^'stributed from 
10 emiinal device, thereby .7 '' '"^ '° ^"°^'^a7 
Pro -ts Of the content prvS;?7oi?^? ^'^ 
fOOISJ Accordingly /„ ^' ^Olb, and 701c 

problems inherent'ir';je1etrfr;':^^°^^"^-«°-<^ 

^'^^ an aim of at 
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tem, and a data proceSa m^fn I f ^ Processing sys- 
a content provider. °°"'ent-nghts holder, such as 

P-cess/ngn^ethodt^erJSTr'lV''''"' ^ 

s:nCr----»iir^^^^^^^ 

performing rights processinL of 
^■>th content key da^a b2d '^"^^ ^"c^VPt^cJ 

(UCP, data. and^o; decJpt^tH^'" "^^'-^ 
key data. The data procS„l f '"^ encrypted content fs 
a tamper-resistant SrrurmoLTrr' '"'^'"'^ 
-et.c processing circuit LnneSd 
Pefforming the rights ''"s. for 

based on the UCP data TsTo^o' °' ^^'a 
tf^e first bus; a second bus a fiT T*""' 
posed between the fir^t b, s and tlr^"'"" 
cryption processing circu/t ^ ^^""""^ "us; an en- 

fordecn^ptingthecoSk;^^^^^^^^ 
'nterface circuit conned,! .orJ' ^"'^ ^" ''"^ 
rO018, According to tie 
processing apparatus, coment d.Tr""°"^' 
content key data and roJr '=°rrespondinQ 

content key data is St ruted' ^JlV" '^'^'^^""^ ^"^^ 
, ^f°^ed. forexamp/e, in theabovJ^ ^^"^^ ''^^^ 
cuit. ^''°''®-<^escribed storage cir- 

Kroc'Ts^l^XTaTe^:^^^^^ 
apparatus via the e«ernaT h "'^'"^*'° Processing 
rights processing of T^face circuit, the 3s 

d^ta is executed in the '^''"''^"^^°"»''«UCP 
processing Circuit. Thereafte thr""°"^^ ^"*^'"««c 
J^^Wed in the ^mJuc ^lTssTnTf '''' 
the license key data read from th ^ "sing 
f0020] The afo,em?nCed Ir 
t"s perfomis mutual autScatl "Z""^'''"^ ^P«™- 
-ng apparatus, and encrypSThI " ""^ 
data and content data b^usfnL^ ^ey 
tained by mutual authemicatton '^^^ ^^'^ c^- 

decoding apparatus °"' ^"^ '"em to the 4s 

•n thetamper-resistant Jr^u?^ " r^-:'^''^^^^^^^ 
'nclude a third bus conneS! Zt "^^V 
'"9 Circuit and the storage cifcuV a'nr';'^'"' 

nectedtothefirstinterfacec cut andfn 
face circuit may be intemoJwK ^"'^'^e second inter- 
the fourth bus ^°^^'"'«'«'«en the third bus and 

Kyfl^^itS^^^^^^ « 
cuit module; a fifth bus aTL i^'"''^''-^^^'^*^"' «>- 
«c( to the fifth bus, for perfollr^''^''^'^^^^^ 

Pertorming communication with a 
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«cn Which is loa'dell o^^'t "V" ^"''^-"'ication func- 

an integrated circuit card and t?'"''*"^ ar"* 

.nterposed between the foul h '"'^''^^^ ^'^cuit 

r0023J ,n the aforemenSonl ? ^"^ ''^^ ''"s. 

ratus, the encryptio" prol^si^^^^^^^ appa- 

Public-keyenco.ptionc^rcurta„? """" "^^^ '"""^^^ a 
tion Circuit. circuit and a common-key encryp- 

data Process' ng "pplS^i°^^ '^^^ ""^'^^ 
second data proceLinTapparall th '° ''^^^ a 
cryption Circuit may verify tEe!nf ^^^^ P"blic-key en- 
wh.ch verifies the ^60^ J h^"'^°'"'9"«'"re data. 

key data, and the ul^^d^ta T"' 
sponding public key data Whin ^ "^'"^ ^'^^ corre- 
data. the content key d^a ^h^.^^''^^ ^'^^ '^""^^nt 
cording medium or whenlnH ^ ^^'^ °" « 'e- 
data processing appar^us ^f" ^° '^^^^^ 

crcuit may create signature dat wh t'"^ ""'^'^P^'^" 
tegntyofthecontentdata L f "'^"fi^s the in- 

UCP data, by using he p;(i'4\°2^^^ and the 

keyencryption Circuit 4vTl'!L^^^^ 
and When sending the^ontenf 7/ '"^ "^^V '^ata. 

ta, and the UCP data to the " * "'^ 
Paratus online, t.e co^'^^lll"' '^^^ 
encrypt and decrypt 7^ ° ,^ enco^ption circuit may 
data, and the UC^^IJbr'^"^ ^''^ °°"tent kJy 

tainedbyperfoo^ingmutuXS^^^^^^ "^^^ '^^^^ 
fr23t^ processing' -PPari^us 

tu3mayfurth%rSit^^^^^^^^ 

within the tamper-resistrnr r. ^ ^ generating circuit 
'ng hash values'of th^ct^'^ T""''' ^^'^^^^^ 
andtheUCPdata.Theputckt^^^^^^^ 
^'enfy the integrity of the sinn.f ^ ^"cryption circuit may 

the Signature date by us/no thiT ^ ""^ "^^^ -^^^te 
f00261 The afnro^ f ^ ® ''ash values. 

miy furi^eMruraTl'om '"^'^^^^'"^ 
crcuit Within the tamper re^C??"""'^''^' generating 
random-number genX nacr"; T^e 
the second bus. ,0^9';^^" 

Perfomiing mutual authentSn^ 
processing apparaturwhe' s-^.^'*^ ^^ta 
the content key data Zh I 1?'''"^ content data 

-us'JheL"::r,trsitc'^^^^ 

to an external storage 1^^^^*="'* "^"^ ''^ '^^""ect- 
of the content data, the conSnt^ T'"^ '^^^^ 
data. ' °°"fa"t key data, and the UCP 

Sist^^gtStT^^^^^^ 

cess to the storage ciS ri. ^'^"'' o°"trolling ac- 
storage circuit via the ewLn",? f '° '""^ «««rnal 
acconiance with a command ^ '"''^"'^^ 
processing circuit ''""''"^"^ 'rom the arithmetic 



3 



Paratus is loaded processing ap- 

managing an address ^ace 0^^?"""^ "'^^"''^ 
and an address space of fh? f ® ^'°'^9® °'^cuit 

ratus, the arithmetic processfnc ","^^^^"^9 appa- 
at least one of a purchase m^?f ' '"^^ determine 
the content data basefon a ZT " °' 
by the UCP data, and may createto'n't 
result Of the determined mode ^ '"'"'=^""9 « 

10032] In the aforementioned dat« nr. 

ratus, after detemiining the Durrh. P'°'=^=^'"9 «PPa- 

metlcprocessingcircuitrayoreate,^^^^ 

data in accordance with the det!^ 

and may control the asl itl 

the usage control status dmf ^^^^ ''^^^'^ °" 

Sn r^^or^i^^^ appa- 
Chase mode is detemiined . ^' "^^^^ P^^' 
common-key encryZn^^uft mlT'*"^ 
key data and the usaq! coS ^"'"'^P' ^"^^ <=°"tent 
d-m key data co re^po °d ^1^^^^^^^^^^^ ^^^^ ''^ "^'ng me- 
f0034J In the aforememionl ?! 
ratus, the content Srdarmav be f"'""' 
cense key data having an Sr^^f^ encrypted with li- 

circuitmaystorethe crse1::7ata'^ 
'ng apparatus may furtherlnr/nH ^ "^^^ 
generating real Ze THl alZ^ ""^^ 
may readthe effective licenslTr^ w P^^^^^'^S circuit 
Circuit based on the r^al timl 1 the storage 

cock. The common-kty Inc '^J':^'^ "'"^ 
the content key data by usTn«Th "^^^ ^^'^^t 

r0035J ,n the data proSn?.n'' "^^"^"^^y 
cincuit may write and eS2a 
data processing appaTatus °' "^'^e 

tamper-resistant ciSmoH , ^^ «"thin the 

cuit for cent J gTh^wrSn • ^ "'^""'^'^ control cir- 
into and from the storL!?^ .^""^ ^'^^'"9 °f ^^^^ data 
the control of he *" °' ""der 

r0036J Ac^ordiri. !'''°''^^^'"9'=*'-'="'t- 
ventio!,. tJeTetpired? d^ro"^" °^ 
forperfom,ingrigLpr7cessfn?.r°''^'"'"^^PP«^«*"« 

ed w.h contentUra\re'dlruc7dT'"°'^^^- 
decryptmg the encrvoted c^r^nZ T, ^r 

ProcessingapparatuTcLesS.- ^t^- ^^^^ 
crcuit module: a first bus an aHth ' r '^'"P^^-^^^'stant 
cuit connected to the firat b!,c T"" P'"°'^ess'ng cir- 
processing of the ^ont^ SaJ LlT"""'"^ '""^ "9^*- 
« storage circuit connSed tl^^ ^OP ci^t^. 

bus; an interface cireuSlo wl'"^' ^ =«<^°nd 
and the second b^ln 1^'^'' ''^^^^'^ 

connected to the second bus Sd°" '^'"'''"^ '^'^""''^ 
keydata;andanexternalbuJ'iI? ^ '''^P*'"9»'^«'=°"tent 

to the second buruZ J^"'^''^'^^'^'"^"'^ «^°nnected 
^P°" rece,v,ng an interrupt from an 
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external circuit via the extpmoi k • 
arithmetic processingcSZ ' '"^'^^'^^ '^'^^"'t. the 
ternal circuit so as to peS^lf ' 
^ the interrupt, and rep^r^Tre'sroHh"' '"'^"^^^'^ ''^ 
^ the external circuit °' the processing to 

-s VaXl:~-/- ---ng appa- 

She^e^^ri^Sr appa- 
memoor for the arithmeJc oro^! ^ '"'""^^ ^ 
temalcircult The aritTml. ^'"^ '^'^^"'t and the ex- 
, ''^--sultofthep'c^^^^^^^^^ 

The external circmt may obta n k ^ '^«"'°'y- 
fng by polling. ' """"" result of the 

process- 

SheXS^SS^^^^^^ 
^ tus register indicatina an ! ^^'"*='"'^^■■««'^tsta- 
-° processing requested 'from their" ''"'"^ °' 
arithmetic processing ciS^ andtn ?T' 
the arithmetic process^o "1 . "*"9 ^ ««t by 
nai c,-«:uit; a second 3 Is relr' ^''^ ' 
the external circuit has ^ff '"^'^""9 whether 
Processing Circuit to perfoL n^"^"'^'' ^"»'^metic 
a fag set by the eSemarr/^^'""^' ""^ '"•^'"^•ng 
-etic ProceLlngt^crand I'"^ 

- ^-^'J:^^:^^ g appa- 

describing the process no l '"'^^-^Pt Program 

processing by executinathf ? '^^^ P^^fomi the 

the storage cS ^^''^'"*«^^"P' Program read from 

-Trp^raXt^^^^^^^^^^^ - --9e 
andapluralityofsub rou^nl? 1 "'®"^P' Programs, 

the 'nterrupt progrfm T rarithm^^^^^^^ ^'^"'^^ 
may appropriately read and 1 P'°''^^^''"9 circuit 

from the storage cS ".In "'"''^'"^^^^^^ 

p^02--f^m;;~ 

^ eluding: an arithm'e«rprocess^a T""'"'"' '^'"'^ 
^ -ng a predetemiined progmr^ "^^T'"'"'' 

terrupt according to a oTdntT °' °"tputting an in- 
•ng as a masterf^nd a Sfnr"^'.'°"*"°" 
Perfonr,ing Predeterm^fd proSsZ"l'''"^^^^ 
the interrupt from the arithm T ^ " response to 
^ by serving as a slave nral'm ^^^^ ^^'^'^'^^ 
paratus. and for reporting a%3Tof l'~'^'''"9 ^P' 
the arithmetic Droces.,ino o ^"^^ Processing to 

-ng apparatus may tSuTw^^^^^^^ "^^ '^^'^ P^-- 
cuit module: a deteiroZn Tn /? '^'"P^^-^esistant cir- 

one Of a purchasl Ze fnd a T ''^'""'"'"^ 
-9aresu.toftLdet~oa^^ 



4 



of the process/no biy ^ ^^^'^^^^"s may obtain 
through po«,-.g."^ -'^'^^^-•ng the 000,^^:^-'^ 
[0O46] In the afomrr, °" "lemory 

tern, the data ProceJnTZ:''-^ Processing sys 
status register /nd/caWnq an 1 ^ '"^^ '"^'^de a f/^^.' 
procassmg requested ;?n, thr"'""°" «^«tus of he 
apparatus, and me/..H,v,_ arithmet/c or ^J^^.^"® 
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forreceiV/ngfromfh 
partus ? '='^te;m/ned bv th! w " P''''^^ '^ata for 

'"9 apparatus perfo^ '"^ ^ faster A Sr? 
' apparatus bv ,i '"P' arithllr ^^""^ 

processing to SL ^^"^' 3"^^ reports I ^"f^^netic 

'^^'-Proces ;g:r''^-«-Proc2sLaoof ' °' 
sistantc/rcuft^ '"c/udes S '^'^^'^''^^ 

'east one ^ ''^'em.nCZ " ^ 

'Content da a r^'^^-e '"ode and a ' r'''''""''""^ 
status. res,ster /nd/cat/ng an^ exZ" '"^^ ''"^'"'^e a ''^ ^''e UCP data ^^r.^" °" "'^ ''^^d'-ng oolwf """"^ °' 

procassmg requested from thf ^'^'^^ of thl ""'^ S^^eratoToen '""^ received '""''^'^'^ 

apparatus, and /nc/ud/ngTf, ' ^"'''"^"'^ Process.^Jr . '"^'^rrr^h^^d r^^T^'^' '°9 ^^^^a Et? "'^ ^ '°9 
processing apparatus- a J ^ '^^^ ''V the arithm ^ '^ata andTh?, ^" output unit ^^ ^ '^^u/t of 

ing w.etherthear/th"rnXrc:s3?^" -^'^teT^i^ ^''-"e ^4 "^^'^ to the'r.l"3;eZf 
quested the data procp«- ^'^^^PParatushn '"'ned. A d^r.n ""^^^ of the conff T ' ^PP^'a^us 

.ocessing by the /nC"? "I t^^-- to~ f^^^^J A^or ""'^ '^-^pir!^^^ 



,ng '^'"^'^^rmear/thmet/cprocp^o '^9«ter /ndfcat 
quested the data process °ra 'n^^^P-'-atu^ 
processing by the iryterruot T^. ^^^'^t^s to perfoll 
the arithmetic Process nTaolT « "ag se°^ 

nnemory for storing a resu/t o't he ^''^ oommo^' 

r0047] The aforementioned w«!'"°*''^^'"9- 
may further inciude a bus forr^T ^'''^essing svst*.m 
processing apparatus .nVttZlT' -''^-2" 
, ^""=®^'"gappara- 
10048] the aforementioned w 
tern, the data processing apDar»7 "'""'Messing sys- 

power state after comp,e?nrme ex ' ^"'^^ « 'ow 
initia/ program and the /nterj^pt ,ou«''''°" °' of an 
f0049J aforementioned da i - 

tern, based on the interrupt received? P'°^®^S'n9 sys- 
processing apparatus, the data nr ^"ttimet/c 
may execute the 'nterrupt.rout/ne^n ^PParatus 
(east one of processing for detem^ ^<=oordance with at 
Chase mode and the usage modToT.h °' P"r- 
processing for reproducing the *^°"tent data 

processing for downioading the dat?* "^^^^ and' 
authority, •*'a from a certifying 

roosol In the aforam^-*.. 
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fOOSOJ '''e aforementioned data n 
tern, the anthmetic processing aDD«rL'^'°*'®^®'"9 sys- 
a predetennined userprogram "^ay execute 

[0051J According to a further aspect or.^ 
vention, there is provided a data nr P''®®®"' 
which content data provided by a dat ^'"^ ®^^tem in 
ratus is received from a data distribuH? ^'°^''*"9 appa- 
is managed by a management aon^ and 
processing system includes- a firct ^he data 

t"-st processing module . 
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'"'•ned A decr^^ "'^^^ °f the cont ? ^^P^'^^us 

f0052J At;T°" ""'^ 'decrypts me r ''"'^ ^^^t^^" 
••"-ent on^r° to a Vet furt??,l3^J7 tent '^^ta. 

'"c/uding ' P^^'^ied a data ^"^^'"^ the present 

'^^'^9 a predeT'""""'^ P^'"^- ^ng Jir'""^ ^''^tem 
'■--'ptar;;7-7P-9ram7^^^^^^^^^ 

sponse to thelT'''^^'^ '^^h content ^ P^^^^^sing 
apparatus by ^''i^'^^P' ^rom the aShmet,?'o'''' 
P^°<^essingaLar.T^ ^ ^'a^'a foT '^'"'"'""^'"S 
Processing to th?'""' ^^r repomn' I r '"'"^^"^ 
s^oond tamper!! •^™''"^tic process^ °' 
crypts thpT ^^'^tantdataororZ ^ apparatus, a 

•^SnVit^pS' '^'^ -!^rthn?„r ^^^^^ -^e^ 

"rst tamper r? °"""'9 '""tua/ authL? ^"^ "^^^ ^^ta 

sponse to fL ''®'^°'"Presses the rol '^'^^'■^'"^ and 
apparatus ol thT^'^P' the a'^Z:"' '^^ta in re- 
apparatus by tl''' '"'"P^'-^^-St^S ''^°'^^^-"9 
P^°oessingapnarr;"9 ^« a Blave7or^lT°'''''"9 

Processin?aon= "'st taSl? ""'"'"^tic 

^«ta proce^sS ^"^»'eseionJ":;:«^'^tant data 
f00S4J Acco d/^''''^'"^'"^- ^'""^"-'■^^'"stant 

"aroroutputting an /n- 
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^"s. sna reports r ''^®«"f'imet,CB '"^ ^PPa^atus bv 
w/th the arifhm ."""^performs m f ^"^'-^es/stant 

tern, thB second tZT^"*'°"^ci data nr 
'^^y decrypt snJ^'^P^'-'^Sistamnrr, "'"'^^ss/ng 

crcun. '^"'^«"«caifonvv,>?f '"9 apparatus 
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arithmetic n 

as a 'taster; peS>L^.'-«^«tem,/oeJ^;;^^^^^^ /nter- 



rs 



ing as a master ? ° ! "'^^^te^m/aed L ^"'''"S ^" 'n- '^^P°nse to tn a famn ' ''^^^ ^"onJtert 

tent data fror^i^^^PP^^atus and re^^^^^^ ''°^^--ing toT.e ^ '^' repoTna V'^ ^^^h^^X 

to the interrupt f^o ' ° ' '^''°''''^9rrS,iuZ """'^^^ ,?'^'>Pf'ng, Z\ "^^^^ prpoe^inn °f the 

tus. A second tlm^ ^ ^^'^niefc Jr,""^ response «^°"tent dati ^ "^ata or!!^^ ^PParafus- an? 

in response to the L ^^°'^P^sses Thl '^^^ <*a- 55 ^"^ content If ^""'^"'"Presslr ^''^ ^''^^ data 

ing apparatus iy se^r""' ^'^^ antw?"'^"^ ^^^^ T''''"^^ ^° Z inte """"" ^ '-CS^^r^^'^^^^Press 

process/ngapparat.! as/ave for?^"''"'°'=«ss- ^^P^'^tus or thl ^'^^^ ^^^'^ f/ie T/th '"''-^'^te J 
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(57) A secure appplication module (SAM) receives 
a secure container in which content data encrypted with 
content key data, the encrypted content key data, and 
usage control policy (UCP) data designating a handling 
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Description 

[0001] The present Invention relates to a data 
processing apparatus and system for performing 
processing for provided content data, and a data 
processing method for such an apparatus and a system. 
[0002] A data providing system for distributing en- 
crypted content data to data processing apparatuses of 
users who have made a predetemrilned contract and for 
enabling the data processing apparatuses to decode the 
content data and to read and record It is available. One 
type of such data providing systems is a conventional 
electronic music distribution (EMD) system for distribut- 
ing music data. 

[0003] Fig. 106 is a schematic diagram Illustrating a 
conventional EMD system 700. In the EMD system 700, 
content providers 701a and 701b encrypt content data 
704a, 704b, and 704c, and copyright information 705a, 
705b. and 705c by using session key data obtained after 
performing mutual authentication, and then provide the 
encrypted data to a service provider 710 online or of- 
fline. The copyright information 705a, 705b, and 705c 
may include serial copy management system (SCMS) 
Information, digital watermark Infomnation for embed- 
ding copyright Information into the content data, and in- 
fonnatlon for embedding copyright infomnation into 
transmission protocols of the service provider 710. 
[0004] The service provider 71 0 decodes the received 
content data 704a, 704b, and 704c, and the copyright 
Infomiation 705a, 705b, and 705c by the use of the ses- 
sion key data. 

[0005] The service provider 710 then embeds the 
copyright infomnation 705a, 705b, and 705c into the de- 
coded content data 704a, 704b, and 704c which have 
been received online or offline so as to create content 
data 707a, 707b, and 707c. In this case, as part of the 
copyright information 704a, 704b, and 704c, the service 
provider 710 embeds the digital watennarklnfonnation 
Into the content data 704a, 704b, and 704c by changing 
predetemnined frequency domains, and embeds the 
SCMS information into network protocols used for trans- 
mitting the content data 704a, 704b, and 704c to the us- 
er. 

[0006] The service provider 710 also encrypts the 
content data 707a, 707b, and 707c by using content key 
data Kca, Kcb, and Kcc, respectively, read from a key 
database 706. Subsequently, the service provider 710 
encrypts a secure container 722, which stores the en- 
crypted content data 707a, 707b, and 707c, by using 
session key data obtained after perfomning mutual au- 
thentication, and sends the encrypted secure container 
722 to a conditional access (CA) module 711 stored in 
a tenninal device 709 of the user. 
[0007] The CA module 711 decodes the secure con- 
tainer 722 by using the session key data. The CA mod- 
ule 71 1 also receives the content key data Kca, Kcb, and 
Kcc from the key database 706 of the service provider 
710 by using an accounting function, such as an elec- 



tronic settlement system or a CA, and decodes It by us- 
ing the session key data. This enables the terminal de- 
vice 709 to decode the content data 707a, 707b, and 
707c by using the content key data Kca, Kcb, and Kcc, 
5 respectively. 

[0008] The CA module 711 performs accounting 
processing for each content so as to generate account- 
ing information 721 , and encrypts it by using the session 
key data and sends it to a rights processing module 720 
10 of the service provider 71 0. 

[0009] In this case, the CA module 711 performs the 
processing on the Items concerning the services provid- 
ed by the service provider 71 0, in other words, the items 
to be managed by the service provider 71 0, such as us- 

>5 er's contract (renewal) Infomnation, collection of, for ex- 
ample, a monthly basic fee incurred by using a network, 
accounting processing for each content, and ensuring 
the security of the physical layer of the network. 
[0010] Upon receiving the accounting infomnation 721 

20 from the CA module 711, the service provider 710 dis- 
tributes the profits between the service provider 71 0 and 
the content providers 701a, 701b, and 701c. In this 
case, the profits are distributed from the service provider 
710 to the content providers 701a, 701b, and 701c via 

25 an Intermediary, for example, the-Japanese Society for 
Rights of Authors, Composers and Publishers (JAS- 
RAC). JASRAC also distributes the profits of the content 
providers 701 a, 701b, and 701 c to the copyright holder, 
the artist, the composer, the writer, and the production 

30 company of the content data, etc. 

[0011] In recording the content data 707a, 707b, and 
707c decoded with the content key data Kca, Kcb, and 
Kcc, respectively, on a recording medium 723, such as 
a random access memory (RAM), the terminal device 

35 709 perfonns copy control by ovenwriting the SCMS bits 
of the copyright infomiation 705a, 705b, and 705c. That 
is, the user performs copy control based on the SCMS 
bits embedded into the content data 707a, 707b, and 
707c, thereby implementing copyright protection. 

40 [0012] The SCMS prohibits the copying operation of 
the content data, for example, for two or more genera- 
tions (copy free), but allows unlimited one-generation 
copying (copy once), and Is thus Insufficient for copy- 
right protection. 

45 [0013] In the above-described EMD system 700, it is 
necessary for the content provider 701 to monitor the 
action of the service provider 710, who is technically 
able to freely handle the unencrypted content data, and 
the profit of the content providers 701 a, 701 b, and 701 c 

50 may be unfairly 5 exploited. 

[0014] Additionally, in the EMD system 700, it is diffi- 
cult to restrict Illegal actions of the user's terminal device 
709, such as authoring the content data distributed from 
the service provider 710 and re-distributing It to another 

55 10 terminal device, thereby also unfairly exploiting the 
profits of the content providers 701a, 701b, and 701c. 
[001 5] Accordingly, in addressing the aforementioned 
problems inherent in the related art, It Is an aim of at 
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least an embodiment of the present invention to provide 
a 15 data processing apparatus, a data processing sys- 
tem, and a data processing method therefor, for suitably 
protecting the profits of a content-rights holder, such as 
a content provider. s 
[0016] It is another aim to provide a data processing 
20 apparatus, a data processing system, and a data 
processing method therefor, for reducing a load for pro- 
tecting the profits of a content-rights holder, such as a 
content provider. 

[0017] According to one aspect of the present inven- 
tion, there is provided a data processing apparatus for 
performing rights processing of content data encrypted 
with content key data based on usage control policy 
(UCP) data, and for decrypting the encrypted content 
key data. The data processing apparatus include within 
a tamper- resistant circuit module; a first bus; an arith- 
metic processing circuit connected to the first bus, for 
perfonning the rights processing of the content data 
based on the UCP data; a storage circuit connected to 
the first bus; a second bus; a first interface circuit inter- 
posed between the first bus and the second bus; an en- 
cryption processing circuit connected to the second bus, 
for decrypting the content key data; and an external bus 
interface circuit connected to the second bus. 
[0018] According to the aforementioned data 
processing apparatus, content data, con-esponding 
content key data, and con-esponding UCP data are dis- 
tributed, and also, license key data for decrypting the 
content key data is distributed. The license key data is 
stored, for example, in the above-described storage cir- 
cuit. 

[0019] Then, in response to an instruction to perform 
rights processing from an external arithmetic processing 
apparatus via the external bus interface circuit, the 
rights processing of the content data based on the UCP 
data is executed in the aforementioned arithmetic 
processing circuit. Thereafter, the content key data Is 
decrypted in the arithmetic processing circuit by using 
the license key data read from the storage circuit. 
[0020] The aforementioned data processing appara- 
tus performs mutual authentication with another decod- 
ing apparatus, and encrypts the decrypted content key 
data and content data by using the session key data ob- 
tained by mutual authentication, and sends them to the 
decoding apparatus. 

[0021] In the aforementioned data processing appa- 
ratus may further include a second interface circuit with- 
in the tamper-resistant circuit module. The first bus may 
include a third bus connected to the arithmetic process- 
ing circuit and the storage circuit, and a fourth bus con- 
nected to the first interface circuit, and the second Inter- 
face circuit may be interposed between the third bus and 
the fourth bus. 

[0022] The aforementioned data processing appara- 
tus may further include within the tamper- resistant cir- 
cuit module: a fifth bus; a third interface circuit connect- 
ed to the fifth bus, for performing communication with a 



data processing circuit having an authentication func- 
tion which is loaded on one of a recording medium and 
an integrated circuit card; and a fourth interface circuit 
interposed between the fourth bus and the fifth bus. 
[0023] In the aforementioned data processing appa- 
ratus, the encryption processing circuit may include a 
public-key encryption circuit and a common-key encryp- 
tion circuit. 

[0024] In the aforementioned data processing appa- 
ratus, the storage circuit may store private key data of 
the data processing apparatus and public key data of a 
second data processing apparatus. The public-key en- 
cryption circuit may verify the integrity of signature data, 
which verifies the integrity of the content data, the con- 
tent key data, and the UCP data, by using the corre- 
sponding public key data. When recording the content 
data, the content key data, and the UCP data on a re- 
cording medium or when sending them to the second 
data processing apparatus, the public-key encryption 
circuit may create signature data, which verifies the in- 
tegrity of the content data, the content key data, and the 
UCP data, by using the private key data. The common- 
key encryption circuit may decrypt the content key data, 
and when sending the content data, the content key da- 
ta, and the UCP data to the second data processing ap- 
paratus online, the common-key encryption circuit may 
encrypt and decrypt the content data, the content key 
data, and the UCP data by using session key data ob- 
tained by perfonning mutual authentication with the sec- 
ond data processing apparatus. 

[0025] The aforementioned data processing appara- 
tus may further include a hash-value generating circuit 
within the tamper-resistant circuit module, for generat- 
ing hash values of the content data, the content key data 
and the UCP data. The public-key encryption circuit may 
verify the integrity of the signature data and may create 
the signature data by using the hash values. 
[0026] The aforementioned data processing appara- 
tus may further include a random-number generating 
circuit within the tamper- resistant circuit module. The 
random-number generating circuit may be connected to 
the second bus, for generating a random number for 
performing mutual authentication with the second data 
processing apparatus when sending the content data, 
the content key data, and the UCP data to the second 
data processing apparatus online. 
[0027] In the aforementioned data processing appa- 
ratus, the external bus interface circuit may be connect- 
ed to an external storage circuit for storing at least one 
of the content data, the content key data, and the UCP 
data. 

[0028] The data processing apparatus may further in- 
clude a storage-circuit control circuit for controlling ac- 
cess to the storage circuit and access to the external 
storage circuit via the external bus interface circuit in 
accordance with a command from the arithmetic 
processing circuit. 

[0029] In the aforementioned data processing appa- 
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ratus, the external bus interface circuit may be connect- 
ed to a host arithmetic processing apparatus for central- 
ly controlling a system on which the data processing ap- 
paratus is loaded. 

[0030] The aforementioned data processing appara- 
tus may further include a storage management circuit 
for managing an address space of the storage circuit 
and an address space of the external storage circuit. 
[0031] In the aforementioned data processing appa- 
ratuS; the arithmetic processing circuit may determine 
at least one of a purchase mode and a usage mode of 
the content data based on a handling policy indicated 
by the UCP data, and may create log data indicating a 
result of the determined mode. 

[0032] In the aforementioned data processing appa- 
ratus, after detemiining the purchase mode, the arith- 
metic processing circuit may create usage control status 
data in accordance with the determined purchase mode, 
and may control the use of the content data based on 
the usage control status data. 

[0033] In the aforementioned data processing appa- 
ratus, in recording the content data, for which the pur- 
chase mode is detennined, on a recording medium, the 
common-key encryption circuit may encrypt the content 
key data and the usage control status data by using me- 
dium key data corresponding to the recording medium. 
[0034] In the aforementioned data processing appa- 
ratus, the content key data may be encrypted with li- 
cense key data having an effective period. The storage 
circuit may store the license key data. The data process- 
ing apparatus may further include a real time clock for 
generating real time. The arithmetic processing circuit 
may read the effective license key data from the storage 
circuit based on the real time indicated by the real time 
clock. The common-key encryption circuit may decrypt 
the content key data by using the read license key data, 
[0035] In the data processing apparatus, the storage 
circuit may write and erase data in units of blocks. The 
data processing apparatus may include within the 
tamper-resistant circuit module, a write-lock control cir- 
cuit for controlling the writing and erasing of the data 
into and from the storage circuit in units of blocks under 
the control of the arithmetic processing circuit. 
[0036] According to another aspect of the present in- 
vention, there is provided a data processing apparatus 
for performing rights processing of content data encrypt- 
ed with content key data based on UCP data, and for 
decrypting the encrypted content key data. The data 
processing apparatus includes within a tamper-resistant 
circuit module: a first bus; an arithmetic processing cir- 
cuit connected to the first bus, for performing the rights 
processing of the content data based on the UCP data; 
a storage circuit connected to the first bus; a second 
bus; an interface circuit interposed between the first bus 
and the second bus; an encryption processing circuit 
connected to the second bus, for decrypting the content 
key data; and an external bus interface circuit connected 
to the second bus. Upon receiving an interrupt from an 



external circuit via the external bus interface circuit, the 
arithmetic processing circuit becomes a slave for the ex- 
ternal circuit so as to.perform processing designated by 
the Interrupt, and reports a result of the processing to 

5 the external circuit. 

[0037] In the aforementioned data processing appa- 
ratus, the arithmetic processing circuit may report the 
result of the processing by outputting an interrupt to the 
external circuit. 

10 [0038] In the aforementioned data processing appa- 
ratus, the external bus interface may include a common 
memory for the arithmetic processing circuit and the ex- 
ternal circuit. The arithmetic processing circuit may write 
the result of the processing into the common memory. 

15 The external circuit may obtain the result of the process- 
ing by polling. 

[0039] In the aforementioned data processing appa- 
ratus, the external bus interface may include: a first sta- 
tus register indicating an execution status of the 
20 processing requested from the external circuit In the 
arithmetic processing circuit, and including a flag set by 
the arithmetic processing circuit and read by the exter- 
nal circuit; a second status register indicating whether 
the external circuit has requested the arithmetic 
25 processing circuit to perform processing, and including 
a flag set by the external circuit and read by the arith- 
metic processing circuit; and the common memory for 
storing a result of the processing. 
[0040] In the aforementioned data processing appa- 
30 ratus, the storage circuit may store an interrupt program 
describing the processing designated by the inten-upt, 
and the arithmetic processing circuit may perform the 
processing by executing the interrupt program read from 
the storage circuit. 
35 [0041] In the data processing apparatus, the storage 
circuit may store a plurality of the interrupt programs, 
and a plurality of sub- routines to be read when executing 
the interrupt program. The arithmetic processing circuit 
may appropriately read and execute the sub-routines 
40 from the storage circuit when executing the interrupt 
program read from the storage circuit. 
[0042] According to another aspect of the present in- 
vention, there is provided a data processing system in- 
cluding: an arithmetic processing apparatus, for execut- 
^5 ing a predetermined program and for outputting an In- 
terrupt according to a predetermined condition by serv- 
ing as a master; and a data processing apparatus, for 
performing predetermined processing in response to 
the Interrupt from the arithmetic processing apparatus 
50 by serving as a slave for the arithmetic processing ap- 
paratus, and for reporting a result of the processing to 
the arithmetic processing apparatus. The data process- 
ing apparatus may include within a tamper-resistant cir- 
cuit module: a determining unit for determining at least 
55 one of a purchase mode and a usage mode of content 
data based on a handling policy indicated by the UCP 
data; a log data generator for generating log data indi- 
cating a result of the detennined mode; and a decryption 
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unit for decrypting the content key data. 
[0043] In the aforementioned data processing sys- 
tem, upon receiving the interrupt indicating an interrupt 
type, the arithmetic processing apparatus may output to 
the data processing apparatus an interrupt indicating an 
Instruction to execute an interrupt routine corresponding 
to the interrupt type. The data processing apparatus 
may execute the interrupt routine corresponding to the 
interrupt type of the Interrupt received from the arithme- 
tic processing apparatus, 

[0044] In the aforementioned data processing sys- 
tem, the data processing apparatus may report a result 
of the processing by outputting an interrupt to the arith- 
metic processing apparatus. 

[0045] In the aforementioned data processing sys- 
tem, the data processing apparatus may Include a com- 
mon memory which is accessible by the data processing 
apparatus and the arithmetic processing apparatus. The 
arithmetic processing apparatus may obtain the result 
of the processing by accessing the common memory 
through polling. 

[0046] In the aforementioned data processing sys- 
tem, the data processing apparatus may include a first 
status register indicating an execution status of the 
processing requested from the arithmetic processing 
apparatus, and Including a flag read by the arithmetic 
processing apparatus; a second status register indicat- 
ing whether the arithmetic processing apparatus has re- 
quested the data processing apparatus to perform 
processing by the Interrupt, and including a flag set by 
the arithmetic processing apparatus; and the common 
memory for storing a result of the processing. 
[0047] The aforementioned data processing system 
may further Include a bus for connecting the arithmetic 
processing apparatus and the data processing appara- 
tus. 

[0048] In the aforementioned data processing sys- 
tem, the data processing apparatus may enter a low 
power state after completing the execution of one of an 
initial program and the interrupt routine. 
[0049] In the aforementioned data processing sys- 
tem, based on the interrupt received from the arithmetic 
processing apparatus, the data processing apparatus 
may execute the interrupt routine in accordance with at 
least one of processing for determining one of the pur- 
chase mode and the usage mode of the content data, 
processing for reproducing the content data, and 
processing for downloading the data from a certifying 
authority. 

[0050] In the aforementioned data processing sys- 
tem, the arithmetic processing apparatus may execute 
a predetermined user program. 
[0051] According to a further aspect of the present in- 
vention, there Is provided a data processing system in 
which content data provided by a data providing appa- 
ratus is received from a data distribution apparatus, and 
is managed by a management apparatus. The data 
processing system includes: a first processing module 



for receiving from the data distribution apparatus a mod- 
ule in which content data encrypted with content key da- 
ta, the encrypted content key data, UCP data indicating 
a handling policy of the content data, and price data for 

5 the content data detemiined by the data distribution ap- 
paratus are stored, and for decrypting the received mod- 
ule by using common key data, and for performing ac- 
counting processing for a distribution service of the 
module by the data distribution apparatus. An arithmetic 

10 processing apparatus executes a predetermined pro- 
gram and outputs an Interrupt according to a predeter- 
mined condition by serving as a master. A data process- 
ing apparatus perfomris predetennined processing in re- 
sponse to the interrupt from the arithmetic processing 

15 apparatus by serving as a slave for the arithmetic 
processing apparatus, and reports a result of the 
processing to the arithmetic processing apparatus. The 
data processing apparatus includes within a tamper-re- 
sistant circuit module: a determining unit for determining 

20 at least one of a purchase mode and a usage mode of 
the content data based on the handling policy indicated 
by the UCP data stored in the received module. A log 
data generator generates log data indicating a result of 
the determined mode. An output unit outputs the price 

25 data and the log data to the management apparatus 
when the purchase mode of the content data Is deter- 
mined. A decryption unit decrypts the content key data. 
[0052] According to a yet further aspect of the present 
invention, there is provided a data processing system 

30 including: an arithmetic processing apparatus for exe- 
cuting a predetermined program and for outputting an 
interrupt according to a predetemnined condition by 
serving as a master; a first tamper-resistant data 
processing apparatus for perfomning rights processing 

35 of content data encrypted with content key data in re- 
sponse to the interrupt from the arithmetic processing 
apparatus by serving as a slave for the arithmetic 
processing apparatus, and for reporting a result of the 
processing to the arithmetic processing apparatus. A 

"^0 second tamper-resistant data processing apparatus de- 
crypts the content data by using the content key data 
obtained by performing mutual authentication with the 
first tamper-resistant data processing apparatus and 
compresses or decompresses the content data in re- 

^5 sponse to the interrupt from the arithmetic processing 
apparatus or the first tamper-resistant data processing 
apparatus by sending as a slave for the arithmetic 
processing apparatus or the first tamper-resistant data 
processing apparatus. 

50 [0053] The aforementioned data processing system 
may further include a bus for connecting the arithmetic 
processing apparatus, the first tamper-resistant data 
processing apparatus, and the second tamper-resistant 
. data processing apparatus. 

55 [0054] According to a further aspect of the present in- 
vention, there is provided a data processing system in- 
cluding: an arithmetic processing apparatus for execut- 
ing a predetermined program and for outputting an in- 
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terrupt according to a predetermined condition by serv- 
ing as a master. A first tamper-resistant data processing 
apparatus perfonns rights processing of content data 
encrypted with content key data in response to the in- 
terrupt from the arithmetic processing apparatus by 
serving as a slave for the arithmetic processing appara- 
tus, and reports a result of the processing to the arith- 
metic processing apparatus. A second tamper-resistant 
data processing apparatus perfonns mutual authentica- 
tion with the arithmetic processing apparatus and reads 
and writes the content data from and into a recording 
medium in response to the interrupt output from the 
arithmetic processing apparatus. 
[0055] In the aforementioned data processing sys- 
tem, the second tamper- resistant processing apparatus 
may decrypt and encrypt the content data by using me- 
dium key data corresponding to the recording medium. 
[0056] In the aforementioned data processing sys- 
tem, when the recording medium is provided with a 
processing circuit having a mutual authentication func- 
tion, the second tamper-resistant processing apparatus 
may perform mutual authentication with the processing 
circuit. 

[0057] According to a f u rther aspect of the present in- 
vention, there is provided a data processing system In- 
cluding: an arithmetic processing apparatus for execut- 
ing a predetermined program and for outputting an in- 
terrupt according to a predetemnined condition by serv- 
ing as a master. A first tamper-resistant data processing 
apparatus perfonns mutual authentication with the arith- 
metic processing apparatus and reads and writes con- 
tent data from and into a recording medium in response 
to the interrupt from the arithmetic processing appara- 
tus. A second tamper-resistant data processing appa- 
ratus decrypts the content data by using content key da- 
ta and compresses or decompresses the content data 
in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus. 

[0058] The aforementioned data processing system 
may further include a storage circuit for temporarily stor- 
ing the content data read from the recording medium by 
the first tamper-resistant data processing apparatus, 
and outputs the stored content data to the second 
tamper-resistant data processing apparatus. 
[0059] In the aforementioned data processing sys- 
tem, the storage circuit may utilize part of a storage area 
of an anti-vibration storage circuit. 
[0060] The aforementioned data processing system 
may further include a third tamper- resistant data 
processing apparatus for performing rights processing 
of the content data encrypted with the content key data 
in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and for reporting a result of the 
processing to the arithmetic processing apparatus. 
[0061] According to a further aspect of the present In- 
vention, there is provided a data processing method us- 



ing an arithmetic processing apparatus and a data 
processing apparatus. The data processing method in- 
cludes the steps of: executing, in the arithmetic process- 
ing apparatus, a predetermined program and outputting 

5 an interrupt according to a predetermined condition by 
serving as a master; and detemiining, In the data 
processing apparatus, at least one of a purchase mode 
and a usage mode of content data based on a handling 
policy of UCP data, creating log data indicating a result 

10 of the determined mode, and decrypting content key da- 
ta, within a tamper-resistant circuit module in response 
to the interrupt from the arithmetic processing apparatus 
by sen/ing as a slave for the arithmetic processing ap- 
paratus. 

15 [0062] According to another aspect of the present in- 
vention, there is provided a data processing method us- 
ing an arithmetic processing apparatus, a first data 
processing apparatus, and a second data processing 
apparatus. The data processing method Includes the 

^0 steps of: executing, in the arithmetic processing appa- 
ratus, a predetermined program and outputting an inter- 
rupt according to a predetermined condition by serving 
as a master; perfonning, in the first data processing ap- 
paratus, rights processing of content data encrypted 

25 with content key data within a tamper- resistant module 
in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and reporting a result of the 
processing to the arithmetic processing apparatus; and 

30 decrypting, in the second data processing apparatus, 
the content data by using the content key data obtained 
by performing mutual authentication with the first data 
processing apparatus and compressing or decompress- 
ing the content data within a tamper-resistant module in 

35 response to the interrupt from the arithmetic processing 
apparatus or the first data processing apparatus by 
sen/ing as a slave for the arithmetic processing appara- 
tus or the first data processing apparatus. 
[0063] According to still another aspect of the present 

40 invention, there is provided a data processing method 
using an arithmetic processing apparatus, a first data 
processing apparatus, and a second data processing 
apparatus. The data processing method includes the 
steps of: executing, in the arithmetic processing appa- 

45 ratus, a predetermined program and outputting an inter- 
rupt according to a predetermined condition by serving 
as a master; perfonning, in the first data processing ap- 
paratus, rights processing of content data encrypted 
with content key data within a tamper- resistant module 

50 In response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and reporting a result of the 
processing to the arithmetic processing apparatus; and 
performing, in the second data processing apparatus, 

55 mutual authentication with the arithmetic processing ap- 
paratus, and reading and writing the content data from 
and Into a recording medium within a tamper-resistant 
module In response to the interrupt from the arithmetic 
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processing apparatus. 

[0064] According to a further aspect of the present in- 
vention, there is provided a data processing method us- 
ing an arithmetic processing apparatus, a first data 
processing apparatus, and a second data processing 5 
apparatus. The data processing method includes the 
steps of: executing, in the arithmetic processing appa- 
ratus, a predetermined program and outputting an inter- 
rupt according to a predetermined condition by serving 
as a master; performing, in the first data processing ap- io 
paratus, mutual authentication with the arithmetic 
processing apparatus, and reading and writing content 
data from and into a recording medium within a tamper- 
resistant module in response to the interrupt from the 
arithmetic processing apparatus; and decrypting, in the is 
second data processing apparatus, the content data by 
using content key data and compressing or decom- 
pressing the content data within a tamper- resistant 
module In response to the interrupt from the arithmetic 
processing apparatus by serving as a slave forthe arith^ 20 
metic processing apparatus. 

[0065] The invention will now be described by way of 
example with reference to the accompanying drawings, 
throughout which like parts are referred to by like refer- 
ences, and In which: 25 

Fig. 1 is a block diagram illustrating the overafi con- 
figuration of an EMD system according to a first em- 
bodiment of the present Invention; 
Fig. 2 Illustrates the concept of a secure container 30 
used in the present invention; 
Figs. 3A, 38, and 3C illustrate the fonnat of the se- 
cure container sent from a content provider to a se- 
cure application module (SAM) shown in Fig. 1 ; 
Fig. 4 illustrates details of data contained in a con- 35 
tent file shown in Fig. 3A; 

Fig. 5 illustrates details of data contained in a key 
file shown in Fig. 3B; 

Fig. 6 illustrates the registration and the transfer of 

the key flle'between the content provider and an 40 
electronic music distribution (EMD)centershown in 
Fig. 1; 

Fig. 7 illustrates header data contained in the con- 
tent file; 

Fig. 8 illustrates a content ID; 45 
Fig. 9 illustrates the directory structure of the secure 
container; 

Fig. 10 Illustrates the hyperlink structure of the se- 
cure container; 

Fig. 11 illustrates one example of a recording me- so 
dium (ROM) used in the first embodiment; 
Fig. 12 Illustrates another example of a recording 
medium (ROM) used In the first embodiment; 
Fig. 13 Illustrates still another example of a record- 
ing medium (ROM) used In the first embodiment; S5 
Fig. 1 4 illustrates an example of a recording medi- 
um (RAM) used in the first embodiment; 
Fig. 15 illustrates another example of a recording 



medium (RAM) used in the first embodiment; 
Fig. 16 illustrates still another example of a record- 
ing medium (RAM) used in the first embodiment; 
Figs. 17, 18, and 19 are a flow chart illustrating 
processing for creating the secure container by the 
content provider; 

Fig. 20 illustrates the functions of the EMD service 
center shown in Fig. 1; 

Fig. 21 Illustrates usage log data shown In Fig. 1 ; 
Fig. 22 is a block diagram illustrating an example of 
the configuration of a network device within a user 
home network shown In Fig. 1 ; 
Fig. 23 Illustrates the relationship between a host 
CPU and a SAM shown in Fig. 22; 
Fig. 24 illustrates the software configuration imple- 
menting a SAM; 

Fig. 25 illustrates an external Interrupt to be output 
to the host CPU; 

Fig. 26 illustrates an Internal intemjpt to be output 
from the host CPU; 

Fig. 27 illustrates function calls output from the host 
CPU; 

Fig. 28 illustrates the processing status of a CPU of 
the SAM; 

Fig. 29 illustrates memory spaces of the host CPU 
and the SAM; 

Fig. 30 Is a functional block of a SAM within the user 
home network shown in Fig. 1, and also Illustrates 
the data flow when the secure container received 
from the content provider is decoded; 
Fig. 31 illustrates data to be stored in an external 
memory shown in Fig. 22; 

Fig. 32-illustrates data to be stored in a work mem- 
ory; 

Fig. 33 is a block diagram illustrating another exam- 
ple of the configuration of the network device within 
the user home network shown In Fig. 1; 
Fig. 34 illustrates data to be stored in a storage unit 
shown in Fig. 30; 

Fig. 35 is a flow chart illustrating the processing per- 
formed by the SAM for receiving the license key da- 
ta from the EMD service center; 
Fig. 36 is a flow chart illustrating the processing per- 
formed by the SAM for receiving the secure contain- 
er; 

Fig. 37 is a functional block diagram of a SAM within 
the user home network shown in Fig. 1 , and also 
illustrates the data flow when the content data is uti- 
lized and purchased; 

Fig. 38 Is a flow chart illustrating the processing by 
the SAM for determining the purchase mode of the 
content data; 

Figs. 39A through 39D illustrate the secure contain- 
er for which the purchase mode is detennined; 
Fig. 40 Is a flow chart illustrating the processing per- 
formed by the SAM for playing back the content da- 
ta; 

Fig. 41 Is a block diagram illustrating the operation 
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13 . 

of transferring the content file, for which the pur- 
chase mode is detemnined, downloaded into a 
download memory of the network device shown in 

Fig. 22 to a SAM of an audio-visual (A/V) machine, 
and re-purchasing the content file in the AA/ ma- 5 
chine; 

Fig. 42 illustrates the data flow within the receiver 
SAM shown in Fig. 41 ; 

Fig. 43 is a flow chart illustrating the processing 
shown in Fig. 42; io 
Figs. 44A through 44D illustrate the fonnat of the 
secure container to be transferred in Fig. 41 ; 
Fig. 45 illustrates the data flow when the received 
content file in the receiver SAM shown in Fig. 41 is 
written into a recording medium (ROM or RAM); 15 
Figs. 46 and 47 are a flow chart illustrating the 
processing by the receiver SAM shown in Fig. 41 ; 
Fig. 48 illustrates various purchase modes In the 
SAMs within the user home network shown in Fig, 1 ; 
Fig. 49 illustrates the data flow within an AA/ ma- 20 
chine when the recording medium (ROM) shown in 
Fig. 11 , for which the purchase mode is not deter- 
mined, is distributed offline to the user home net- 
work, and the purchase mode of the content file Is 
determined by the A/V machine; 25 
Fig. 50 Illustrates the data flow within the SAM of 
the /W machine shown in Fig. 49; 
Fig. 51 is a flow chart illustrating the processing per- 
formed by the SAM of the A/V machine shown in 
Fig. 49; 30 
Fig. 52 Illustrates the processing for reading the se- 
cure container, for which the purchase mode is not 
determined, from a recording medium (ROM) of an 
A/V machine within the user home network, and for 
transferring the secure container to another /W 35 
machine and writing it into a recording medium 
(RAM); 

Fig. 53 illustrates the data flow within the receiver 
SAM shown in Fig. 52; 

Figs. 54A through 54D illustrate the fonnat of the 40 
secure container transferred from the sender SAM 
to the receiver SAM shown In Fig. 52; 
Figs. 55 and 56 are a flow chart illustrating the 
processing performed by the sender SAM and the 
receiver SAM shown in Fig. 52; 45 
Fig. 57 illustrates the data flow within the receiver 
SAM shown in Fig, 52; 

Fig. 58 illustrates an example of connection models 
of the devices via a bus within the user home net- 
work; so 
Fig. 59 illustrates the data format of a SAM regis- 
tration list created by the SAM; 
Fig. 60 illustrates the format of a public-key certifi- 
cate revocation list created by the EMD service 
center; 55 
Fig. 61 Illustrates the data fonnat of the SAM regis- 
tration list created by the EMD service center; 
Fig. 62 illustrates a security function of the SAM; 



Fig. 63 illustrates an example of loading models of 
various SAMs in the network device of the user 
home network shown In Fig. 1 ; 
Fig. 64 illustrates the detailed circuit configuration 
of a download memory and peripheral circuits 
shown in Fig. 63; 

Fig. 65 illustrates the relationship between the host 
CPU and the SAM shown in Fig. 63; 
Fig. 66 illustrates the relationship among the host 
CPU, the SAM, the A/V compression/decompres- 
sion SAM, and the recording medium shown in Fig. 
63; 

Fig. 67 illustrates the relationship among the host 
CPU, the medium drive SAM, and the /W compres- 
sion/decompression SAM shown in Fig. 63; 
Fig. 68 illustrates one example of the circuit module 
of a rights processing SAM; 
Fig. 69 Illustrates one example of hardware config- 
uration within the SAM configured as the circuit 
module shown in Fig. 68; 

Fig. 70 illustrates an address space of the rights . 
processing SAM; 

Fig. 71 illustrates an address space of the host 
CPU; 

Fig. 72 illustrates another example of the circuit 

module of the rights processing SAM; 

Fig. 73-illustrates a circuit module of the medium 

SAM; 

Fig. 74 Illustrates storage data in the medium SAM 
of a recording medium (ROM) when the ROM is 

shipped; 

Fig. 75 illustrates storage data in the medium SAM 
of the recording medium (ROM) after registration is 
conducted; 

Fig. 76 illustrates storage data in the medium SAM 
of a recording medium (RAM) when the RAM is 
shipped; . 

Fig. 77 Illustrates storage data in the medium SAM 
of the recording medium (RAM) when registration 
is conducted; 

Fig. 78 illustrates an example of a circuit module of 
the A/V compression/decompression SAM; 
Fig. 79 illustrates an example of a circuit module of 
the medium drive SAM; 

Fig. 80 is a flow chart illustrating the overall opera- 
tion of the EMD system shown in Fig. 1 ; 
Fig. 81 illustrates examples of distribution protocols 
for the secure container used in the EMD system of 
the first embodiment; 

Fig. 82 is a block diagram illustrating the overall 
configuration of an EMD system according to a sec- 
ond embodiment of the present Invention; 
Fig. 83 is a flow chart Illustrating the processing for 
creating a secure container in a service provider; 
Figs. 84A through 84D illustrate the fonnat of the 
secure container sent from the service provider to 
the user home network shown in Fig. 82; 
Fig. 85 illustrates the sending format of a content 



8 



15 



EP1 130 492 A2 



16 



file stored in the secure container shown in Figs. 
84A through 84D; 

Fig. 86 illustrates the sending fonnat of a key file 
stored in the secure container shown in Figs. 84A 
through 84D; 

Fig. 87 Illustrates the functions of the EMD service 
center shown in Fig. 82; 

Fig. 88 is a block diagram illustrating a network de- 
vice shown in Fig. 82; 

Fig. 89 is a functional block diagram illustrating a 
CA module shown in Fig. 88; 
Fig. 90 is a functional block diagram illustrating a 
SAM shown in Fig. 82, and also illustrates the data 
flow when the secure container is received and de- 
coded; 

Fig. 91 illustrates data to be stored in a work mem- 
ory shown in Fig. 90; 

Fig. 92 is a functional block diagram illustrating the 
SAM shown in Fig. 82, and also illustrates the data 
flow when the purchase and usage modes of the 
content are determined; 

Fig. 93 is a flow chart illustrating the processing for 
receiving the secure container by the SAM shown 
In Fig. 82; 

Fig. 94 is a block diagram illustrating the operation 
of transferring the content file, for which the pur- 
chase mode is determined, downloaded into a 
download memory of the network device shown in 
Fig. 82 to a SAM of an A/V machine; 
Fig. 95 Illustrates the data flow within the receiver 
SAM shown in Fig. 94; 

Fig. 96 is a flow chart illustrating the processing per- 
fonned by the sender SAM shown in Fig. 95; 
Figs. 97A through 97E illustrate the fomnat of the 
secure container transferred from the sender SAM 
to the receiver SAM shown in Fig. 94; 
Fig. 98 illustrates the data flow within the receiver 
SAM shown in Fig. 94; 

Figs. 99 and 100 are a flow -chart illustrating the 
processing perfonned by the receiver SAM shown 

in Fig. 94; 

Fig. 101 illustrates an example of connection mod- 
els of the SAMs within the user home network 
shown in Fig. 82; 

Figs. 102 and 103 are a flow chart illustrating the 
overall operation of the EMD system shown in Fig. 
82; 

Fig. 1 04 illustrates an example of service models of 
the EMD system shown in Fig. 82; 
Fig. 105 illustrates distribution protocols for the se- 
cure container employed in the EMD system shown 
in Fig. 82; and 

Fig. 1 06 is a block diagram illustrating a convention- 
al EMD system. 

[0066] An electronic music distribution (EMD) system 
according to an embodiment of the present invention is 
first described below. 



First Embodiment 

[0067] Fig. 1 is a block diagram illustrating an EMD 
system 100 constructed in accordance with an embod- 

5 iment of the present invention. 

[0068] In this embodiment, the "content data" to be 
distributed to users is digital data having meaningful in- 
formation, which is described below by taking music da- 
ta as an example. 

10 [0069] The EMD system 100 includes, as shown in 
Fig. 1 , a content provider 101 , an EMD service center 
(clearing house, may be hereinafter simply referred to 
as the "ESC") 1 02, and a user home network 1 03. 
[0070] The content provider 101, the EMD service 

^5 center 102, and secure application modules (SAMs) 
105., through IO54 respectively correspond to a data 
providing apparatus, a data management apparatus, 
and a data processing apparatus of the present inven- 
tion. 

20 [0071 ] An overview of the EMD system 1 00 is first dis- 
cussed. The EMD system 1 00 sends to the EMD service 
center 102, which is a highly reliable authorizing organ- 
ization, content key data Kc used for encrypting content 
data C to be provided, UCP (UCP) data 106 indicating, 

25 for example, the license agreement conditions of the 
content data C, and digital-watermark infomnatlon con- 
trol data indicating the content of digital watermark in- 
formation and the position in which digital watermark in- 
formation is embedded. 

50 [0072] The EMD service center 1 02 registers (authen- 
ticates or authorizes) the content key data Kc, the UCP 
data 106, and the digital-watermark infonnation control 
data received from the content provider 101 . 
[0073] The EMD service center 1 02 also creates a key 

35 file KF, which stores the content key data Kc encrypted 
with license key data KD-, through KDg of corresponding 
periods, the UCP data 106, and signature data of the 
EMD service center 102, and sends the key file KF to 
the content provider 101 . 

40 [0074] The signature data is used for verifying the in- 
tegrity of the key file KF and the identity of the creator 
of the key file KF, and the official registration of the key 
file KF in the EMD service center 1 02. 
[0075] The content provider 1 01 creates a content file 

45 CF by encrypting the content data C with the use of the 
content key data Kc, and distributes a secure container 
104 (corresponding to a module of the present inven- 
tion), which stores the content file CF, the key file KF 
received from the EMD service center 1 02, and the sig- 

50 nature data of the content provider 101, to the user 
home network 103 via a network, such as the Internet, 
or a digital broadcast, or package media, such as a re- 
cording medium, 

[0076] The signature data stored In the secure con- 
55 tainer 1 04 Is used for verifying the integrity of the corre- 
sponding data and the identity of the creator and the 
sender of the data. 

[0077] The user home network 103 includes, for ex- 
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ample, a network device 160^, and audio-visual (AV) 
machines I6O2 through I6O4. The network device 160^ 
has a built-in SAM 1 05^ . Th AA/ machines 1 6O2 through 
I6O4 have built-in SAMs lOSg through 1064, respective- 
ly. The SAMs 1 05^ through 1 064 are interconnected with 
each other via a bus 191 , such as an IEEE-1394 serial 
interface bus. 

[0078] The SAMs 105^ through 1064 decode the se- 
cure container 1 04 received from the content provider 
101 online via, for example, a network, and/or the se- 
cure container 104 supplied from the content provider 

101 to the A/V machines I6O2 through I6O4 offline via 
a recording medium, by using the license key data KD^ 
through KD3 of corresponding periods, and then verify 
the signature data. 

[0079] The secure container 1 04 supplied to the SAM 
105^ through 1064 is then ready to be played back or 
recorded on a recording medium in the network device 
I6O1 and the A/V machines I6O2 through I6O4 after the 
purchase/usage mode of the secure container 104 has 
been determined by a user's operation. 
[0080] The SAMs 105,, through 1064 record the pur- 
chase/usage history of the secure container 104 as us- 
age log data 108, and also create usage control status 
(UCS) data 166 indicating the purchase mode. 
[0081] The usage log data 108 is sent from the user 
home network 103 to the EMD service center 102, for 
example, in response to a request from the EMD service 
center 102. The UCS data 166 is sent from the user 
home network 103 to the EMD service center 102, for 
example, every time the purchase mode is determined. 
[0082] The EMD service center 102 determines (cal- 
culates) the accounting content based on the usage log 
data 108, and settles the account, based on the calcu- 
lated accounting content, by using a settlement organi- 
zation 91 , such as a bank, via a payment gateway 90. 
According to this settlement, the payment made by the 
user of the user home network 103 to the settlement or- 
ganization 91 is given to the content provider 101 by the 
settlement processing performed by the EMD service 
center 102. The EMD service center 102 regularly sends 
settlement report data 107 to the content provider 101 . 
[0083] In this embodiment, the EMD service center 

102 has an authentication function, a key-data manage- 
ment function, and a rights processing (profit distribu- 
tion) function, 

[0084] More specifically, the EMD service center 1 02 
serves as a second certifying authority located at a layer 
lower than a root certifying authority 92, which is the 
neutral supreme authority, and authenticates public key 
data by attaching a signature to the public-key certificate 
data of the public key data by using private key data of 
the EMD service center 1 02. The public key data is used 
for verifying the integrity of the signature data in the con- 
tent provider 1 01 and the SAMs 1 05^ through 1 064. As 
stated above, the EMD service center 1 02 registers and 
authorizes the, UCP data 106 of the content provider 
101 , which is also part of the authentication function of 



the EMD service center 102. 

[0085] The EMD sen/ice center 1 02 also has the key- 
data management function of managing key data, such 
as license key data KD-, through KDg. 

5 [0086] The EMD sen/ice center 1 02 also has the fol- 
lowing rights processing (profit distribution) function. 
The EMD service center 1 02 settles the account for the 
purchase and usage of the content made by the user 
based on the suggested retailer's price (SRP) stated in 

10 the authorized UCP data 106 and the usage log data 
108 input from the SAMs 105^ through 1064, and dis- 
tributes the payment made by the user to the content 
provider 1 01 . 

[0087] Fig. 2 schematically illustrates the concept of 
^5 the secure container 104. 

[0088] The secure container 104 stores, as shown in 
Fig. 2 the content file CF created by the content provider 
1 01 and the key file KF created by the EMD service cent- 
er 102. 

20 [0089] In the content file CF, header data containing 
a header and a content ID, the content data C encrypted 
with the content key data Kc, and the signature data en- 
crypted with private key data K^p^s the content pro- 
vider 101 are stored. 

25 [0090] In the key file KF, header data containing a 
header and a content ID, the content key data Kc and 
the UCP data 106 encrypted with the license key data 
KD., through KDg, and the signature data encrypted with 
the private key data K^sc.s the EMD service center 

30 102 are stored. 

[0091] In Fig. 2, the UCP data 106 may not be en- 
crypted with the license key data KD.| through KDg, in 
which case, the signature data encrypted with the pri- 
vate key data K^p s of the content provider 1 01 is added 

35 to the UCP data 1 06. 

[0092] Details of the Individual elements of the EMD 
system 1 00 are discussed below. 

[Content provider 101] 

40 

[0093] Before starting to communicate with the EMD 
service center 102, the content provider 101 offline reg- 
isters the public key data Kqpp created by the content 
provider 101, the ID certificate, and the bank account 

45 number (for settling the account) of the content provider 
1 01 in the EMD service center 1 02, and obtains a unique 
identifier (ID number) CP_ID. The content provider 101 
also receives from the EMD service center 1 02 the pub- 
lic key data K^s^p of the EMD service center 102 and 

50 the public key data Kr.ca.p the root certifying authority 
92. 

[0094] The content provider 101 creates the secure 
container 104 which stores the content file CF and sig- 
nature data SIGg cp the content file CF shown in Fig. 
55 3A, the key file KF corresponding to the content file CF 
read from a key file database 118b and signature data 
SIG7 CP the key file KF shown in Fig. 3B, public-key 
certificate data CERqp of the content provider 101 read 
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from a storage unit 119 and signature data SIG^ esc of 
the public-l<ey certificate data CERcp shown in Fig. 3C. 
[0095] The content provider 1 01 supplies online or of- 
fline the secure container 104 to the network device 
160^ of the user home network 103 shown in Fig. 1. 
[0096] In this manner, according to this embodiment, 
an in-band system is employed in which the public key 
certificate CERcpof the public key data K^pp of the con- 
tent provider 1 01 , which is stored in the secure container 
1 04, is directly sent to the user home network 1 03. This 
eliminates the need for the user home network 103 to 
communicate with the EMD service center 102 in order 
to acquire the public key certificate CERcp. 
[0097] Alternatively, in the present invention, an out- 
of-band system may be employed in which the user 
home network 1 03 may acquire the public key certificate 
CERcp ^^^^ ^^D service center 1 02 instead of stor- 
ing it in the secure container 1 04. 
[0098] In this embodiment, the signature data is gen- 
erated by hashing the data used for the signature in the 
content provider 101 , the EMD service center 102, and 
the SAIVls 105., through 1064 by using the private keys 
Kcp.s- Kesc.s. *<sami through Kqama. respectively. The 
hash values are generated by using hash functions. Ac- 
cording to the hash functions, the data used for signa- 
tures is input and is compressed into data having a pre- 
determined bit length, which is then output as the hash 
values. It is difficult to predict the input value from the 
hash values (output values), and when one bit of the 
input data changes, many bits of the hash values 
change. It Is also difficult to search for the Input data 
having the same hash value. 

[0099] Details of the individual data in the secure con- 
tainer 1 04 are as follows. 

Signature data SIG^ p^p 

[01 GO] The signature data SIGg cp is used at the des- 
tination of the secure container 104 for verifying the in- 
tegrity of the creator and the sender of the content file 
CF 

Signature data SIF ? np 

[01 01] The signature data SIG7 Qp is used at the des- 
tination of the secure container 104 for verifying the In- 
tegrity of the sender of the key file KF. The integrity of 
the creator of the key file KF is verified at the destination 
of the secure container 1 04 based on the signature data 
S'Gki.esc within the key file KF. The signature data 
SIGki.esc is also used for verifying the registration of 
the key file KF In the EMD service center 102. 

Content fileCF 

[0102] Fig. 4 illustrates details of the content file CF 
shown in Fig. 3A. 

[0103] The content file CF stores, as shown in Figs. 



3A and 4, header data, meta data Meta encrypted with 
the content key data Kc Input from an encryption unit 
114, content data C, AA/ decompression software Soft, 
and a digital watermark information module (Watermark 
5 Module) WM. 

[0104] Fig. 3 A illustrates the configuration of the con- 
tent file CF when a digital signal processor (DSP) is used 
as an AA/ compression/decompression device for de- 
compressing the content data C. The DSP decompress- 

10 es the content data C within the secure container 104 
and embeds and detects digital watemiark information 
by using the A/V decompression software and the digital 
watemriark Information module within the secure con- 
tainer 1 04. This enables the content provider 1 01 to em- 

is ploy a desired compression method and an embedding 
method for digital watermark Infonnatlon. 
[0105] If hardware or prestored software is used as 
an AA/ compression/decompression device for decom- 
pressing the content data C and for embedding and de- 

20 tecting digital watermark Information, the A/V decom- 
pression software and the digital watermark information 
module may not be stored within the content file CF. 
[0106] The header data contains, as shown in Fig. 4, 
a synchronization signal, a content ID, signature data 

25 obtained by the private key data K^ps of the content 
provider 101 for verifying the content ID, directory infor- 
mation, hyperlink information, information concerning 
the serial number, the effective period and the creator 
of the content file CF, the file size, the encryption flag, 

30 the encryption algorithm, and the signature algorithm, 
and signature data obtained by the private key data 
Kqp s of the content provider 101 for verifying the direc- 
tory information. 

[0107] The meta data Meta Includes, as shown in Fig. 

55 4, the description of a product (I.e., content data C), ad- 
vertisement information for product demonstration, 
product-related information, and signature data of the 
content provider 101 for verifying the above infomnation. 
[0108] in the present Invention, the meta data Meta is 

40 sent while being stored in the content file CF, as shown 
In Figs. 3A and 4. Alternatively, instead of storing the 
meta data Meta in the content file CF, the meta data Me- 
ta may be transmitted from the content provider 101 to, 
for example, the SAM 105-, via a path different from the 

45 path for sending the content file CF. 

[0109] The content data C is obtained in the following 
manner. Source digital watermark information (Source 
Watemriark) Ws, copy control digital watemnark informa- 
tion (Copy Control Watermark) W^, user digital water- 

50 mark information (User Watermark) Wy, and link digital 
watennark information (Link Watennark) Wl, etc., are 
embedded into content data read from, for example, a 
content master source database. Then, the content data 
Is compressed according to a voice compression meth- 

55 od, such as adaptive transform acoustic coding 3 
(ATRAC3) (brand name), and is encrypted according to 
a common key cryptosystem, such as the data encryp- 
tion standard (DES) or Triple DES, by using a content 
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key Kc as the common key. 

[01 1 0] The content key data Kc is obtained by, for ex- 
ample, generating a random number having a predeter- 
mined number of bits by using a random number gen- 
erator. The content key data Kc may be generated from 
infomiation concerning a music piece provided by the 
content data. The content key data Kc is regularly up- 
dated. 

[0111] In the presence of a plurality of content provid- 
ers 1 01 , the content key data Kc unique to each content 
provider 101 may be used, or the common content data 
Kc may be used for all the content providers 1 01 . 
[0112] Source digital watemriark information Ws indi- 
cates information concerning the copyright, such as the 
name of the copyright holder of the content data, the 
International Standard Recording Code (ISRC), the au- 
thoring date, the authoring machine identification data 
(ID), and the distribution destination of the content. 
[01 1 3] The copy control digital watermark information 
Wq indicates information including a copy prohibit bit for 
preventing a copying operation via an analog interface. 
[0114] The user digital watermark information 
contains, for example, the identifier CPJD of the con- 
tent provider 101 for specifying the distribution source 
and the distribution destination of the secure container 
104. and the identifier SAMJD^ throughSAMJD4 0fthe 
SAMs 1 05^ through IO54, respectively, of the user home 
network 103. 

[0115] The link digital watermark information Wl in- 
cludes, for example, the content ID of the content data 
C. By embedding the link digital watemnark information 
Wl into the content data C, even for the content data C 
distributed via an analog broadcast, such as a television 
broadcast or an amplitude modulation (AM)/frequency 
modulation (FM) radio broadcast, in response to a re- 
quest from the user, the EMD service center 1 02 is able 
to introduce the content provider 1 01 , which handles the 
content data C, to the user. That is, the receiving side 
of the content data C detects the link digital watermark 
infomaation Wl embedded into the content data C by 
using a digital watermark Information decoder, and 
sends the detected content ID to the EMD service center 
1 02. This enables the EMD service center 1 02 to intro- 
duce the content provider 101 , which handles the con- 
tent data C, to the user. 

[0116] More specifically, it is now assumed that the 
user listens to a piece of music on air in an automobile 
and finds it interesting, and presses a predetermined 
button. Then, a digital watemiark information decoder 
integrated in the radio detects the content ID contained 
in the link digital watemiark information Wl embedded 
into the content data C and the communication address 
of the EMD service center 102 which registers the con- 
tent data C, The digital watermark information decoder 
then records the detected data on a medium SAM load- 
ed in a portable medium, for example, a semiconductor 
memory, such as, a Memory Stick (brand nanne), or an 
optical disc, such as, a mini disc (MD) (brand name). 



The portable medium is then set in a network device 
loaded with a SAM connected to a network. After per- 
forming mutual authentication between the SAM and the 
EMD service center 1 02, the ID infonnation stored in the 

5 medium SAM and the recorded content ID are sent from 
the network device to the EMD service center 102. 
Then, the network device receives a list of content pro- 
viders which handle the content data C, such as the con- 
tent provider 1 01 , from the EMD service center 1 02. 

10 [0117] Alternatively, in response to the content ID 
from the user, the EMD sen/ice center 102 may send 
information of the user to the content provider 101, 
which handles the content data C corresponding to the 
content ID. Upon receiving the above-mentioned infor- 

'5 mation , if the user is found to have already made a con- 
tract with the content provider 101, the content provider 

101 may send the content data C to the network device 
of the user If not, the content provider 101 may send 
promotion information of the content provider 101 to the 

20 network device of the user. 

[0118] In a second embodiment (described below) of 
the present invention, based on the link digital water- 
mark information Wl, the EMD service center 102 is 
able to introduce a service provider 31 0, which handles 

25 the content data C, to the user, 

[01 1 9] Preferably, In the first embodiment, the content 
and the embedding position of the digital watermark in- 
formation may be defined as the digital watermark infor- 
mation module WM, which may be registered and man- 

30 aged in the EMD service center 102. The digital water- 
mark information module WM is used for verifying the 
digital watemiark information by, for example, the net- 
work device 160^ and the A/V machines I6O2 through 
I6O4 within the user home network 103. 

35 [0120] More specifically, the user home network 103 
determines based on the user digital watermark infor- 
mation module WM managed by the EMD service center 

1 02 whether the content and the embedding position of 
the digital watennark information detected by the user 

40 home network 1 03 coincide with those managed by the 
EMD service center 102. If the detected information 
matches that of the EMD service center 1 02, the digital 
watermark information is determined to be legal. It is 
thus possible to detect illegally embedded digital water- 

45 mark information with high probability. 

[0121] The A/V decompression software Soft, which 
may be ATRAC3 decompression software, is used for 
decompressing the content file CF in the network device 
1 60^ and the A/V machines 1 6O2 through 1 6O4 of the 

50 user home network 1 03. 

[0122] This enables the SAMs 105^ through 1064 to 
decompress the content data C simply by using the A/ 
V decompression software stored in the secure contain- 
er 1 04. Accordingly, even if different compression/de- 

55 compression methods are set for the individual items of 
content data C or for the individual content providers, a 
heavy burden of decompressing the content data C is 
not imposed on the user. 
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[0123] The content file CF may contain, as shown in 
Fig. 4, a file reader and signature data for verifying the 
file reader by using a private key Kcp s This enables the 
SAMs 105^ through 1 05^ to efficiently process a plurality 
of different types of secure containers 104 which store 
the different formats of content files CF. 
[0124] The file reader is used for reading the content 
file CF and the corresponding key file KF, and indicates 
the reading procedure of these files. 
[0125] in this embodiment, it is assumed that the file 
reader has been sent from the EMD service center 1 02 
to the SAMs 105., through 1064, and thus, the content 
file CF of the secure container 1 04 does not store a file 
reader. 

[0126] In this embodiment, the encrypted content da- 
ta C is stored in the secure container 104 without de- 
pending on factors, such as the compression flag, i.e., 
whether the content data C is compressed, the com- 
pression method of content data C, the encryption meth- 
od (including the common key cryptosystem and the 
public key cryptosystem), the signal source of the con- 
tent data C (for example, the sampling frequency), and 
the signature-data creating method (algorithm). That is, 
the above-described factors can be determined at the 
discretion of the content provider 101 . 

Key file KF 

[01 27] Fig. 5 illustrates details of the key file KF shown 

in Fig. 3B. 

[0128] In this embodiment, for example, after regis- 
tration processing is performed by sending a registration 
module Modg from the content provider 101 to the EMD 
service center 102. as shown In Fig. 6, the key file KF 
for six months, for example, is sent from the EMD serv- 
ice center 1 02 to the content provider 1 01 and is stored 
in a key file database. In sending and receiving the reg- 
istration module Moda and the key file KF, mutual au- 
thentication is perfonned between the content provider 
101 and the EMD service center 102, and the registra- 
tion module Modg arid the key file KF are encrypted and 
decrypted by using session key data Kg^s- 
[01 29] The key file KF is provided for each content da- 
ta C, and is linked to the corresponding content file CF 
according to directory structure data DSD within the 
header ofthe content file CF, which is discussed in detail 
below. 

[0130] The key file KF stores, as shown in Figs, 3B 
and 5, a header, content key data Kc, the UCP data (li- 
cense agreement conditions) 1 06, SAM program down- 
load containers SDC^ through SDC3, and signature data 

S'^KI.ESC- 

[0131] The signature data obtained by using the pri- 
vate key Kesc.s the EMD service center 1 02 may be 
signature data SIGki,esc all the data stored In the 
key file KF, as shown in Fig. 3B. Alternatively, the sig- 
nature data may be separately provided, as shown in 
Fig. 5, for infomiation from the header to the key file, for 



the content key Kc and the UCP data 106, and for the 
SAM program download containers SDC. 
[0132] The content key data Kc and the UCP data 
1 06, and the SAM program download containers SDC^ 

5 through SDC3 are encrypted with the use of the license 
key data KD^ through KDg of corresponding periods. 
[0133] The UCP data 106 may not be stored in the 
key file KF, in which case, it is provided with signature 
data without being encrypted by the license key data. 

10 [0134] The header data contains, as shown in Fig. 5, 
a synchronization signal, a content ID, signature data 
for verifying the content ID by using the private key 
Kgsc.s 0^ EMD service center 1 02, directory struc- 
ture data, hyperlink data, infonnation concerning the key 

15 file KF, and signature data for verifying the directory 
structure data by using the private key K^sc s of the 
EMD service center 1 02. 

[0135] Various types of information may be contained 
in the header data, and may be variable according to 
20 the situation. For example, information shown in Fig. 7 
may be contained. 

[0136] The content ID may store infonnation shown 
in Fig. 8. The content ID is created in the EMD service 
center 102 or the content provider 101 , and the signa- 

25 ture data obtained by using the private key data K^scs 
of the EMD service center 102, as shown in Fig. 8, or 
the signature data obtained with the private key data 
Kqps of the content provider 1 01 is attached to the con- 
tent ID. The content ID may be created either in the con- 

30 tent provider 101 or the EMD service center 102. 

[01 37] The directory structure data represents a rela- 
tionship among the content files CF and a relationship 
between the content file CF and the key file KF within 
the secure container 1 04. 

33 [0138] For example, if content files CF., through CF3 
and the corresponding key files KF., through KF3 are 
stored in the secure container 104, a link between the 
CF^ through CF3 and a link between the content files 
CFi through CF3 and the key files KF^ through KF3 are 

40 established, as shown in Fig. 9, by the directory struc- 
ture data. 

[0139] The hyperiink data represents a hierarchical 
structure of the key file KF and a relationship between 
the content files CF and the key files KF by considering 

45 all the files inside and outside the secure container 1 04. 
[0140] More specifically, address information to be 
linked and the authentication value (hash value) thereof 
are stored, as shown in Fig. 10, in the secure container 
104 for each content file CF and for each key file KF. 

50 The hash value of one content file CF or one key file KF 
obtained by a hash function H(x) is then compared with 
that of another file CF or another key file KF to be linked, 
thereby verifying the link between the files. 
[0141] The UCP data 106 Is a descriptor which de- 

55 fines the operation rules of the content data C, for ex- 
ample, the suggested retailer's price (SRP) and the cop- 
ying rules desired by the operator of the content provider 
101. 
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[0142] More specifically, the UCP data 106 contains, 
as shown in Fig. 5, a content ID, an identifier of the con- 
tent provider 1 01 CP_ID, the effective date of the UCP 
data 1 06, the communication address of the EMD serv- 
ice center 102, use-space research information, the 5 
SRP, the usage policy, the DCS information, the UCS 
infomiation for demonstrating the product, and signa- 
ture data for the above-described information. 
[0143] The UCS information indicates an accepted 
purchase mode selected from various purchase modes, io 
for example, redistribution, pay per use, sell through, 
time limited sell through, sell through pay per play N, 
pay per time, pay per use for a SCMS device, pay per 
block, etc. 

[0144] In the second embodiment, which is discussed is 
below, In sending a secure container 304 to a user home 
network 303 via a service provider 310, the UCP data 
106 contains the identifier of the service provider 310 
SP_ID which Is provided with the secure container 1 04 
by a content provider 301 . 20 
[0145] The SAM program download containers SDC^ 
through SDC3 stores, as shown in Fig. 5, a download 
driver indicating the procedure for downloading the pro- 
grams within the SAMs 105., through 1064, a label read- 
er, such as UCP-L (label). R (Reader), representing the 25 
syntax (grammar) of the UCP data U106, lock key data 
for locking or unlocking of the writing and the erasing of 
each block data stored in a storage unit 1 92 (a flash read 
only memory (ROM), such as a mask ROM 1104 or a 
non-volatile memory 1105) built in each of the SAMs 30 
105^ through IO54, and signature data for the above- 
described information. The mask ROM 1 1 04 or the non- 
volatile memory 1105 controls the writing and the eras- 
ing of the storage data in units of blocks based on the 
lock key data. 35 
[0146] A description is now given of the mode in which 
the secure container 104 is supplied from the content 
provider 101 to the user home network 103. 
[0147] As discussed above, the content provider 1 01 
supplies the secure container 1 04 online or offline to the 40 
user home network 103. 

[0148] When the content provider 101 supplies the 
secure container 1 04 online to the network device 1 60^ 
of the user home network 1 03, the following process is 
taken. The content provider 1 01 mutually authenticates 45 
with the network device 1 60., so as to share the session 
key (common key) Kqes. and encrypts the secure con- 
tainer 104 by using the session key ^ses sends it 
to the EMD service center 102. The session key .Kses 
is newly created every time mutual authentication is per- so 
formed. 

[0149] As the communication protocol for sending the 
secure container 104, a Multimedia and Hypemiedia in- 
formation coding Experts Group (MHEG) protocol is 
used for a digital broadcast, or extensible markup Ian- ss 
guage (XML), synchronized multimedia integration lan- 
guage (SMIL), or hypertext markup language (HTML) 
may be used for the Internet. The secure container 1 04 



is embedded within the corresponding protocol accord- 
ing to a tunneling technique without depending on the 
coding method, 

[01 50] Accordingly, the format of the secure container 
104 does not have to match the communication proto- 
col, thereby increasing the flexibility in selecting the for- 
mat of the secure container 1 04. 

[0151] The communication protocol used for sending 
the secure container 1 04 from the content provider 1 01 
to the user home network 103 is not restricted to the 
above-described protocols. 

[01 52] In this embodiment, as the modules built in the 
content provider 101 , the EMD service center 102, and 
the nehwork device 160^ for communicating with each 
other, tamper-free or high tamper-resistant communica- 
tion gateways which are protected from being monitored 
are used. 

[0153] In contrast, when the content provider 101 sup- 
plies the secure container 104 offline to the user home 
network 1 03, the secure container 1 04 Is recorded on a 
recording medium (ROM or RAM), which is discussed 
in detail below, and the contents of the ROM or RAM is 
then supplied to the user home network 1 03 via a com- 
munication path. 

[0154] Fig. 11 illustrates a recording medium (ROM) 
130^ used In this embodiment. 

[0155] The recording medium (ROM) 130^ has a 
ROM area 131 , a secure RAM area 132, and a medium 
SAM 133. The content file OF shown in Fig. 3A is stored 
in the ROM area 131. 

[01 56] The secure RAM area 132 is an area which re- 
quires a predetemnined permission (authentication) to 
make access, and stores signature data created by us- 
ing as arguments the key file KF shown In Fig. 3B, the 
public-key certificate data CERcp shown in Fig. 3C, and 
storage key data Ksjpi having a unique value according 
to the type of machine, by utilizing a message authen- 
tication code (MAC) function. The secure RAM area 132 
also stores data obtained by encrypting the key file KF 
and the public-key certificate data CER^p by using me- 
dium key data K^^ed having a value unique to the re- 
cording medium. 

[0157] The secure RAM area 132 also stores public 
key certificate revocation data for specifying the content 
provider 101 and the SAMs 105^ through IO54 which 
have become invalid due to an illegal action. 
[0158] In communicating between the medium SAM 
used in this embodiment and a medium drive SAM 260, 
which is discussed below, one SAM compares its revo- 
cation list with that of the other SAM and detemnines 
when the lists were created. The revocation list created 
earlier is updated by the other revocation list. 
[01 59] The secure RAM area 132 stores the UCS data 
166 which Is created when the purchase/usage mode 
of the content data C is determined in the SAMs 105^ 
through 105^ of the user home network 1 03. By storing 
the UCS data 166 in the secure RAM area 132, the re- 
cording medium (ROM) 130^ in which the purchase/us- 
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age mode is determined can be provided. 
[01 60] The medium SAIV1 1 33 stores, for example, the 
media ID, which is the identifier of the recording medium 
(ROIVI) 130^, and the medium key data K^^q. The me- 
dium SAIVl 133 has, for example, a mutual authentica- 5 
tion function. 

[0161] The recording medium (ROIVI) usable in this 
embodiment may also be a recording medium (ROM) 

1302 shown In Fig. 12 or a recording medium (ROM) 

1303 shown In Fig. 13. 10 
[0162] The recording medium (ROM) 1 SOg illustrated 

in Fig. 12 has a ROM area 131 and a medium SAM 133 
having an authentication function, but is not provided 
with a secure RAM area 132, unlike the recording me- 
dium (ROM) 130^ shown in Fig. 11 . If the recording me- ^5 
dium (ROM) ISOg is used, the content file CF is stored 
in the ROM area 131 and the key file KF is stored in the 
medium SAM 133. 

[0163] The recording medium (ROM) I3O3 illustrated 
in Fig, 13 has a ROM area 131 and a secure RAM area 20 
132, but is not provided with a medium SAM 133, unlike 
the recording medium (ROM) 130^ shown in Fig. 11. If 
the recording medium (ROM) I3O3 is used, the content 
file CF is stored in the ROM area 1 31 , and the key file 
KF is stored in the secure RAM area 1 32. Authentication 25 
is not performed with the con-esponding SAM. 
[0164] Instead of a ROM recording medium, a RAM 
recording medium may be employed in this embodi- 
ment. 

[0165] As the RAM recording medium usable in this 30 
embodiment, a recording medium (RAM) I3O4 having a 
medium SAM 133, a secure RAM area 132, and an un- 
secured RAM area 134 may be used, as shown in Fig. 
14. In this recording medium (RAM) 13O4, the medium 
SAM 133 has an authentication function, and the secure 35 
RAM area 132 stores the key file KF. The unsecured 
RAM area 134 stores the content file CF. 
[0166] Alternatively, a recording medium (RAM) 13O5 
shown in Fig. 15 and a recording medium (RAM) 1306 
shown in Fig. 1 6 may be employed, 4o 
[0167] The recording medium (RAM) 13O5 shown in 
Fig. 15 includes an unsecured RAM area 134 and a me- 
dium SAM 133 having an authentication function, but is 
not provided with a secure RAM area 132, unlike the 
recording medium (RAM) I3O4 shown in Fig. 14. In us- '45 
ing the recording medium (RAM) 13O5, the content file 
CF is stored in the unsecured RAM area 134, and the 
key file KF is stored in the medium SAM 133. 
[0168] The recording medium (RAM) 130q includes a 
secure RAM area 1 32 and an unsecured RAM area 1 34, so 
but is not provided with a medium SAM 1 33, unlike the 
recording medium (RAM) 130^ shown in Fig. 14. In us- 
ing the recording medium (RAM) ISOg, the content file 
CF is stored In the unsecured RAM area 134, and the 
key file KF is stored in the secure RAM area 132, Au- 55 
thenticatlon is not performed with the corresponding 
SAM. 

[0169] As stated above, regardless of whether the 



content data C is distributed online via a network or of- 
fline using, for example, the recording medium 130^ 
from the content provider 1 01 to the user home network 
103, the common format of the secure container 104 
which stores the UCP data 106 is used for distributing 
the content data C. This enables the SAMs 1 05, through 
1054 of the user home network 103 to perform rights 
processing based on the common UCP data 106. 
[0170] As also discussed above, in this embodiment, 
the in-band system is employed in which the content da- 
ta C encrypted with the content key data Kc is stored 
together with the content key. data Kc for decrypting the 
content data C in the secure container 104. According 
to this in-band system, it is not necessary to separately 
distribute the content key data Kc when the user home 
network 103 plays back the content data C, thereby re- 
ducing the burden in network communication. The con- 
tent key data Kc is encrypted with the license key data 
KD^ through KOg. However, the license key data KD-| 
through KDg are managed in the EMD service center 
1 02 and have already been distributed to the SAMs 1 05^ 
through 1064 of the user home network 103 when the 
SAMs 105., through 1064 first accessed the EMD serv- 
ice center 1 02. This enables the user home network 1 03 
to use the content data C offline without accessing the 
EMD service center 102 online. 
[0171] In the present invention, the out-of-band sys- 
tem may be employed in which the content data C and 
the content key data Kc are separately supplied to the 
user home network 1 03, which will be described below. 
[0172] The process for creating the secure container 
1 04 by the content provider 1 01 is as follows. 
[01 73] Figs. 1 7 through 1 9 are a flow chart illustrating 
the above-described process. 

[0174] In step SI 7-1 (Fig. 17), the content provider 
101 registers offline in the EMD service center 102 by 
using the ID certificate of the content provider 1 01 orthe 
bank account for settling the account, and acquires the 
globally unique identifier CP_ID. The content provider 
1 01 has already obtained the public key certificate CER- 
QP of the content provider 101 from the EMD service 
center 1 02. 

[0175] In step SI 7-2, the content provider 101 then 
digitizes content master sources, such as content data 
to be authored and prestored legacy content data, and 
assigns the content IDs to such data. The content mas- 
ter sources are then stored in a content master source 
database and are centrally managed. 
[0176] Then, in step SI 7-3, the content provider 101 
creates meta data Meta for each of the centrally man- 
aged content master sources and stores it in a meta da- 
tabase. 

[0177] Subsequently, in step SI 7-4, the content pro- 
vider 101 reads content data, I.e., a content master 
source, from the content master source database, and 
embeds digital watermark information in the content da- 
ta. 

[0178] In step SI 7-5, the content provider 101 stores 
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the content and the embedding position of the digital wa- 
temnark information embedded in step S17-4 in a pre- 
determined database. 

[0179] Then, in step S17-6, the content data having 
the embedded digital watermark infon-nation is com- s 
pressed. 

[0180] In step S1 7-7, the content provider 1 01 creates 
content data by decompressing the content data com- 
pressed in step S17-6. 

[0181] In step S17-8, the content provider 101 per- io 
forms an audio check on the compressed content data. 
[01 82] Thereafter, in step SI 7-9, the content provider 
101 detects the digital watennark embedded into the 
content data based on the content and the embedding 
position of the digital watermark information stored In i^ 
the database in step S17-5. 

[01 83] If both the audio check and the detection of the 
digital watermark information have been successfully 
perfonned, the content provider 101 executes process- 
ing of step S17-10 {Fig. 18). If either of the above-de- 20 
scribed processing has failed, the processing of step 
S 1 7-4 is repeated. 

[0184] In step S17-10, the content provider 101 gen- 
erates a random number to create the content key data 
Kc and retains it The content provider 1 01 also encrypts 25 
the content data compressed In step SI 7-6 by using the 
content key data Kc. 

[0185] In step S17-11, the content provider 101 cre- 
ates the content file CF shown in Fig. 3A and stores it 
in the content file database. 30 
[0186] Then, in step SI 7-1 2, the content provider 101 
creates the UCP data 106 concerning the content data 
C. 

[0187] In step 817-13, the content provider 101 de- 
termines the SRP and stores it in the database. 35 
[0188] In step 817-14, the content provider 101 out- 
puts the content ID, the content key data Kc, and the 
UCP data 1 06 to the EMD service center 1 02. 
[0189] Subsequently, in step 81 7-15, the content pro- 
vider 1 01 receives the key file KF encrypted with the !i- 40 
cense key data KD^ through KD3 from the EMD service 
center 1 02. 

[0190] lnstepS17-16,thecontentprovider 101 stores 
the received key file KF in the key file database. 
[0191] In step 317-17 (Fig. 19), the content provider 45 
101 hyperlinks the content file CF and the key file KF. 
[0192] In step 817-18, the content provider 101 cre- 
ates the signature data SIGq cp ^rom the hash value of 
the content file CF by using the private key data K^ps- 
The content provider 1 01 also creates the signature da- so 
taSIGy Qpfrom the hash value of the key file KFby using 
the private key data K^ps- 

[0193] In step 817-19, the content provider 101 gen- 
erates the secure container 1 04 storing the content file 
CF, the key file KF, the public-key certificate data CER- 55 
QP, the signature data SlGg cp. SIG7 cp, and SIG^ esc» 
as shown in Figs, 3A through 3C. 
[0194] If It Is desired that content data is provided in 



a composite format including a plurality of secure con- 
tainers, each secure container 1 04 Is created by repeat- 
ing the processes in step S17-1 through 817-19. Then, 
in step 817-20, a relationship between the content files 
CF and the key files KF is hyperlinked, and also a rela- 
tionship between the content files CF is hyperlinked. 
[0195] Thereafter, in step SI 7-21 , the content provid- 
er 101 stores the created secure container 104 in the 
secure container database. 

[EMD service center 102] 

[0196] Fig. 20 illustrates the basic functions of the 
EMD service center 1 02. Primarily, as shown in Fig. 20, 
the EMD center 102 supplies the license key data to the 
content provider 1 01 and the SAMS 1 05^ through 1 064, 
issues public-key certificate data CERqp, and CERq^j^,^^ 
through CERsam4. creates the key file CF, and performs 
payment settlement (profit distribution) based on the us- 
age log data 1 08. 

Supply of license key data 

[0197] A description is first given of the process for 
sending the license key data from the EMD sen/lce cent- 
er 1 02 to the SAMs 1 05^ through 1 064 of the user home 
network 103. 

[0198] The EMD service center 1 02 reads the license 
key data KD^ through KD3 regularly, for example, for 
three months, from the key database, and creates the 
signature data SIG^di .esc through SIGkd3.esc ^^^^ the 
hash values by using the private key data Kgsc,s the 
EMD service center 102. 

[0199] The EMD service center 1 02 then encrypts the 
license key data KD^ through KD3 for three months and 
the signature data SIGj^^ ^sc through SIGj^^g gsQ by 
using the session key data Kqes, which is obtained by 
performing mutual authentication with the SAMs 105^ 
through 1064, and sends the encrypted data to the 
SAMS 105^ through 1064. 

[0200] Similarly, the EMD service center 102 sends, 
for example, the license key data KD^ through KDg for 
six months, to the content provider 101 . 

Issuing of public-key certificate data 

[0201] A description is given below of he process to 
be executed when the EMD service center 1 02 receives 
a request to Issue the public-key certificate data CER^p 
from the content provider 101. 

[0202] Upon receiving the identifier of the content pro- 
vider 1 01 CP JD, the public key data KQpp, and the sig- 
nature data SIGgcp from the content provider 101 , the 
EMD service center 1 02 decrypts such data by using 
the session key data Kses obtained by perfomning mu- 
tual authentication with the content provider 101 , 
[0203] After verifying the integrity of the decrypted 
signature data SlGgcp. the EMD service center 102 
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makes a determination, based on the identifier CP_ID 
and the public key data K^pp, whether the content pro- 
vider 1 01 , which has requested the issuing of the public- 
key certificate data, is registered in a CP database. 
[0204] Then, the EMD service center 102 reads the 
X. 609-format public-key certificate data CERqp of the 
content provider 101 from the certificate database, and 
creates the signature data SIG^ ^sc ^^^^ the hash value 
of the public-key certificate data CER^p by using the pri- 
vate key Kgsc s EMD service center 102. 
[0205] The EM D service center 1 02 encrypts the pub- 
lic-key certificate data CER^p and the signature data 
SIG-i ESC '^y using the session key data Kses obtained 
by performing mutual authentication with the content 
provider 1 01 , and sends the encrypted data to the con- 
tent provider 101 . 

[0206] The process to be performed when the EMD 
service center 102 receives a request from the SAM 
105^ to Issue the public-key certificate data CERs^j^^ is 
similar to that when receiving a request to issue the pub- 
lic-key certificate data CERcp from the content provider 
101 , except that processing is performed with the SAM 
105^. The public-key certificate data CERsami 
described in X. 509 forniat. 

[0207] In the present invention, if it is designed that 
the private key data Ksami.s public key data 

KsAMi.p stored in a storage unit of the SAM 1051 
when shipping the SAM 1 05^, the EMD service 1 02 may 
create the public-key certificate data CERsami 
public key data Kjamlp when shipping the SAM 105^. 
In this case, the created public-key certificate data 
CERsami "^^Y stored in the storage unit of the SAM 
105^ when shipping the SAM 105^ 

Creating of key file KF 

[0208] Upon receiving the registration module Mod2 
shown in Fig. 6 from the content provider 1 01 , the EMD 
service center 102 decodes the registration module 

Modg by using the session key Kses obtained by con- 
ducting mutual authentication with the content provider 
101. 

[0209] The EMD service center 1 02 then verifies the 
integrity of the signature data SIG^^^ cp by using the 
public key data K^pp read from the key database. 
[0210] Subsequently, the EMD service center 102 
registers in the UCP database the UCP data 106, the 
content key data Kc, the digital watemnark information 
control data WM, and the SRP stored in the registration 
module Mod2. 

[0211] The EMD service center 102 encrypts the con- 
tent key data Kc, the UCP data 106, and the SAM pro- 
gram download containers SDC^ through SDC3 by us- 
ing the license key data KD^ through KDg of conrespond- 
ing periods read from a key server. 
[0212] The EMD service center 102 then creates the 
signature data SIGki esc ^^om the hash values of the 
header data, the content key data Kc, the UCP data 1 06, 



and the SAM program download containers SDC-i 
through SDC3 by using the private key data Kgsc.s 
the EMD service center 102. 

[0213] In this manner, the EMD service center 102 
5 creates the key file KF shown in Fig. 3B and stores it in 
the KF database. 

[0214] Thereafter the EMD service center 102 reads 
the key file KF from the KF database and encrypts it by 
using the session key data Kges obtained by conducting 
10 mutual authentication with the content provider 1 01 , and 
then sends it to the content provider 101. 

Settlement processing 

IS [0215] Payment settlement perfomned in the EMD 
service center 102 is as follows. 

[0216] Upon receiving from, for example, the SAM 
1 06^ of the user home network 1 03, the usage log data 
108 and signature data StG2oo,sAMi thereof, the EMD 

20 service center 1 02 decrypts such data by using the ses- 
sion key data Kses obtained by perfonning mutual au- 
thentication with the SAM 105^, thereby verifying the 
signature data SIGgoo.sAMi created by the public key da- 
ta Ksami of the SAM 105^. 

25 [0217] Fig. 21 illustrates data described in the usage 
log data 1 08. The usage log data 1 08 contains, as illus- 
trated in Fig. 21 , for example, an ESC_content ID, which 
is a globally unique identifier provided by the EMD serv- 
ice center 102, for the content data C stored in the se- 

30 cure container 1 04, a CP_content ID, which is a globally 
unique identifier provided by the content provider 101 , 
for the content data C, a user ID, which is an identifier 
of the user who has received the secure container 1 04, 
user infonnatlon, a SAM_ID, which is an identifier of 

35 each of the SAMs 105^ through 105^ received the se- 
cure container 104, a HNG_!D, which is an identifier of 
a home network group to which the corresponding SAM 
belongs, discount information, tracing information, a 
price tag, a CPJD of the content provider 1 01 which has 

40 provided the content data C, a service provider (portal) 
ID, a hardware provider ID, an identifier of a recording 
medium Media_ID which records the secure container 
1 04, a component ID, which is an identifier of a prede- 
termined component, such as a compression method 

45 for the secure container 1 04, an identifier of a license 
owner LHJD of the secure container 104, an identifier 
of the EMD service center 102 ESCJD which performs 
payment settlement of the secure container 1 04. 
[021 8] In the second embodiment, which is discussed 

50 below, in addition to the above-described data con- 
tained in the usage log data 108, usage log data 308 
includes an identifier SP.content ID provided by the 
service provider310forthe content dataC, and an iden- 
tifier of the service provider 310 SP_ID which has dls- 

55 tributed the content data C. 

[021 9] If it is necessary that the payment made by the 
user of the user home network 103 is distributed to 
neighboring rights holders other than the content pro- 
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vrder 1 01 , for example, license owners for the compres- 
sion method, the recording medium, etc., the EMD serv- 
ice center 102 detemnines the amount of payment ac- 
cording to a predetermined distribution rate, and creates 
the settlement report data and settlement request data s 
152 based on the detemilned amounts of payment. The 
distribution rate may be created for each content data 
stored in the secure container 104. 
[0220] Thereafter, the EMD service center 102 per- 
forms payment settlement based on the SRP and the io 
sales price contained in the UCP data 1 06 read from the 
UCP database and also based on the usage log data 
108, and creates the settlement request data 152 and 
the settlement report data 1 07. 

[0221] The settlement request data 1 52 is authorized '5 
data which can request the payment from the settlement 
organization 91 based on the aforementioned data, and 
if the payment made by the user is to be distributed to 
a plurality of rights holders, the settlement request data 
152 is created for each rights holder so 
[0222] The EMD service center 1 02 then decrypts the 
settlement request data 152 and signature data SIG99 
thereof through mutual authentication and using the 
session key data Kses. and then sends them to the set- 
tlement organization 91 via the payment gateway 90 25 
shown In Fig. 1 . 

[0223] Accordingly, the amount of payment indicated 
In the settlement request data 152 is paid to the content 
provider 101 . 

[0224] The EMD service center 1 02 sends the settle- 30 
ment report data 1 07 to the content provider 1 01 . 

[User home network 1 03] 

[0225] The user home network 1 03 has, as illustrated 3S 
in Fig. 1 , the network device 1 60^ and the AA/ machines 
I6O2 through I6O4. The network device 160^ has the 
built-in SAM 1 05^ . The AA/ machines 1 6O2 through 1 6O4 
have the built-in SAMs 1 0Sg through 1 064, respectively. 
The SAMs 1052 through 1054 are connected to each 40 
other via the bus 191 , for example, an IEEE-1394 serial 
interface bus. 

[0226] A network communication function may be 
provided for the AA/ machines I6O2 through I6O4, 
though it is not essential. If a network communication 
function is not provided, the /W machines 1 6O2 through 
I6O4 may simply use the network communication func- 
tion of the network device 1601 via the bus 1 91 . Alter- 
natively, the user home network 1 03 may Include only 
AN machines without a network function. so 
[0227] Details of the network device 160^ are as fol- 
lows. 

[0228] Fig. 22 is a block diagram of the network device 
160.,. The network device 160.| is fonned of the SAM 
150-1, a communication module 162, an A/V compres- ss 
sion/decompression SAM 163, an operation unit 165, a 
download memory 167, a playback module 169, an ex- 
ternal memory 201 , and a host central processing unit 



(CPU) 810. 

[0229] The host CPU 810 centrally controls the 
processing executed within the network device 160-,, 
and the host CPU 810 and the SAM 1 05^ have a master- 
slave relationship. 

[0230] The relationship between the host CPU 810 
and the SAM 1 05^ is discussed in detail below with ref- 
erence to Fig. 23. 

[0231] In the network device 160.,, as shown in Fig. 
23, the host CPU 810 and the SAM 1 05., are connected 
via a host CPU bus 1000. 

[0232] When one of a plurality of interrupt types is se- 
lected according to the operation performed on the op- 
eration unit 1 65 by the user, the host CPU 81 0 receives 
an external interrupt (hardware interrupt) S165 indicat- 
ing the selected interrupt. 

[0233] If the task corresponding to the interrupt SI 65 
is found to be executed by the SAM 1 05., , the host CPU 
810 outputs an internal interrupt (software interrupt) 
S810 indicating the task to the SAM 105^ via the host 
CPU bus 1000. 

[0234] Then, the SAM 1 05., is recognized as an input/ 
output (I/O) device by the host CPU 810, and upon re- 
ceiving the internal interrupt S810, which is a function 
call, from the host CPU 810, the SAM 105^ executes the 
requested task and returns the execution result to the 
host CPU 810. 

[0235] The major tasks executed by the SAM 105^ 
may include processing for purchasing content data (ac- 
counting processing), signature checking, mutual au- 
thentication, playback of content data, updating, regis- 
tration, downloading, etc. Such tasks are processed 
within the SAM 105i while being completely shielded 
from an external source, thereby preventing the host 
CPU 810 from monitoring the processed result. 
[0236] The host CPU 810 knows which tasks should 
be requested to the SAM 1 05., according to the type of 
event. More specifically, upon receiving the external in- 
terrupt SI 65 by the user's operation performed on the 
operation unit 165, such as an external key device, the 
host CPU 81 0 detennines that the task by the external 
interrupt SI 65 is to be executed by the SAM 105.,. Then, 
the host CPU 810 outputs the intemal interrupt S810 to 
the SAM 105^ via the host CPU bus 1000 so as to re- 
quest it to execute the task. 

[0237^ Interrupts from an I/O device, such as an ex- 
ternal key device, for example, a commander or a key- 
board, to the host CPU 810 occur asynchronously with 
a user program executed by the host CPU 810. Such 
interrupts are normally referred to as the "hardware In- 
terrupts" or "external interrupts". 

[0238] Interrupts, received by the host CPU 810, for 
viewing and listening to the content or purchasing the 
content are hardware interrupts. In this case, the I/O de- 
vice which generates a hardware interrupt may be a key 
device, such as buttons or graphic user interface (GUI) 
icons, of the network device leo^. In this embodiment, 
the operation unit 165 serves as such an I/O device. 
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[0239] On the other hand, interrupts generated by the 
execution of a user program (program) by the host CPU 
810 are referred to as "software interrupts" or "internal 

interrupts". 

[0240] Generally, an interrupt signal of the external in- 5 
terrupt SI 65 is output from the operation unit 1 65 to the 

host CPU 810 via a specific line for external interrupts, 
which is separately provided from the host CPU bus 
1000. 

[0241] One external interrupt S165 is differentiated io 
from the other external Interrupts S165 by assigning 
numbers to the I/O devices which generate Interrupts. 
For example, for a keyboard, numbers are assigned to 
the individual buttons (such numbers are referred to as 
"intermpt types"). Upon pressing one of the buttons, the '5 
corresponding information Is reported from the opera- 
tion unit 165 to the host CPU 810 via the specific line, 
and the number of the pressed button is stored in a 
memory of the I/O interface. In response to the informa- 
tion indicating that the button has been pressed, the host 20 
CPU 81 0 accesses the memory of the I/O interface and 
identifies the interrupt type from the number of the but- 
ton, thereby controlling the execution of an interrupt rou- 
tine corresponding to the number of the button. 
[0242] In this case, if the interrupt routine is to be ex- 25 
ecuted by the SAM 105^, the host CPU 810 sends the 
internal Interrupt S810 to the SAM 105^ to request It to 
execute the task. 

[0243] As discussed above, tasks to be executed by 
the SAM 105^ may include: 30 

1. Purchasing content (including purchasing keys 
and demonstration of the content); 

2. Playback of content; and 

3. downloading from the content provider 101 and 35 
the EMD service center 102 (updating, receiving us- 
age log, and program downloading). 

[0244] The host CPU 81 0 first receives external inter- 
rupts 81 65 corresponding to tasks 1 , 2, and 3 from the 40 
operation unit 165 via the specific line, and outputs the 
corresponding internal interrupts S81 0 to the SAM 1 05^, 
so that the SAM 105^ executes tasks 1 , 2 and 3. 
[0245] The I/O devices which generate interrupts cor- 
responding to tasks 1 and 2 are the external key device, ^5 
such as the buttons or the GUIs of the network device 
I6O1. 

[0246] In the case of task 3, it is not that a push-type 
downloading secure container 1 04 is sent from the con- 
tent provider 101, but that an active pull-type secure so 
container 1 04 is sent to the network device 1 60^ (client) 
by performing polling to access the content provider 
101. Accordingly, the host CPU 810 knows that the 
downloaded secure container 1 04 Is stored in the down- 
load memory 1 67 within the netwo rk device 1 60^ . Thus, 55 
in actuality, the host CPU 810 merely generates the in- 
ternal interrupt S81 0 and sends it to the SAM 1 06^ with- 
out receiving the extemal interrupt 8165 from the oper- 



ation unit 165. 

[0247] Since the SAM 105^ serves as an I/O device 
(slave) of the host CPU 81 0, the main routine of the SAM 
105^ is started when being powered on. and then, enters 
the standby (waiting) mode. 

[0248] Subsequently, immediately when receiving the 
internal interrupt S81 0 from the host CPU 810 (master), 
the SAM 105-, begins processing the task while being 
completely shielded from an external source. Then, the 
SAM 1 05^ reports the completion of processing the task 
to the host CPU 81 0 by the extemal Interrupt (hardware 
intermpt), and requests the host CPU 810 to receive the 
result. Accordingly, the SAM 105^ does not contain a 
user main program (user program). 
[0249] The SAM 105^ executes processing, such as 
for purchasing the content, playback of the content, and 
downloading from the content provider 101 and the 
EMD service center 102, as an inten-upt routine. The 
SAM 105-j generally waits in the standby mode, and up- 
on receiving the internal interrupt S810 from the host 
CPU 810, the SAM 105^ executes the interrupt routine 
con-espondlng to the Interrupt type (number) (function 
call command), and requests the host CPU 810 to re- 
ceive the result. 

[0250] More specifically, a request to execute a task 
from the host CPU 81 0 to the SAM 1 05^ by the internal 
interrupt S810 is made according to an I/O command, 
and then, the SAM 105^ interrupts itself based on the 
function call command received from the host CPU 810. 
In actuality, the host CPU 81 0 outputs the internal inter- 
rupt S81 0 to the SAM 1 05^ by performing the chip select 
for selecting the SAM 1 05^ . 

[0251] As discussed above, although the host CPU 
810 receives the external interrupt S165 for purchasing 
or playing back the content, It request the SAM 1 05., to 
execute the corresponding task. This is because the 
task involves the security, such as encryption process- 
ing, creating and checking signatures, accompanied by 
the processing for purchasing the key 
[0252] The interrupt routine stored in the SAM 106^ 
serves as a sub routine of the interrupt routine of the 
host CPU 810. 

[0253] The interrupt routine executed by the host CPU 
810 is a task which makes an instruction to send the 
internal interrupt (function call) S810 requesting the ex- 
ecution of the task con^esponding to the extemal inter- 
rupt S1 65 to a common memory space of the SAM 1 05^ . 
[0254] As shown in Fig. 24, each of the interrupt rou- 
tines stored in the SAM 1 05^ contains sub routines. Pro- 
grams which can be shared with the other interrupt rou- 
tines are preferably defined as sub-routines, thereby 
saving the memory space. The processing of the SAM 
1 05^ may be executed in a manner similar to that exe- 
cuted by a CPU, such as concurrently defining sub-rou- 
tines from an Interrupt routine or defining second-gen- 
eration sub-routines from a first-generation sub-routine. 
[0255] Referring back to Fig. 23, the relationship be- 
tween the host C PU 81 0 and the SAM 1 05-, is described. 
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As discussed above, the host CPU 810 receives an in- 
terrupt from an I/O device, such as an external key de- 
vice, as the external interrupt (hardware interrupt) S1 65 

via a specific line. 

[0256] A number is provided for each specific line, and 
according to the nunrjber, the corresponding interrupt 
vector is extracted fronn an interrupt vector table stored 
in a system memory of the host CPU 810, thereby start- 
ing the interrupt routine. 

[0257] There are two kinds of interrupt types: one type 
is an indirect access indicating a selection number of 

the interruptvector in the vector table, and the othertype 
is a direct access Indicating the start address of the in- 
terrupt routine. 

[0258] If the received external interrupt indicates a 
task to be executed by the SAM 1 05^ , the host CPU 8 1 0 
outputs the internal interrupt S81 0 to the SAM 1 05| and 
requests it to execute the task (I/O command). 
[0259] The type of task is defined by a command 
name, and the host CPU 810 outputs the command- 
based Internal interrupt S810 to the SAM ^05^. When 
being powered on, the SAM 1 05., initializes the program 
and checks the integrity of the SAM 105-,, as shown in 
Fig. 24, and then, enters a sleep mode (standby mode). 
In the sleep mode, only the operation of the CPU is 
stopped, and the sleep mode is released by any inter- 
rupt. Thereafter, the status of the SAM 1 05^ is shifted to 
a program execution status via an execution handling 
status. Upon receiving an internal inten-upt from the host 
CPU 810, the SAM 105^ executes the corresponding 
task and returns the result to the host CPU 81 0. 
[0260] In response to the result from the SAM 1 05^, 
the host CPU 810 starts to take another action. Howev- 
er, even while the SAM lOS^ is executing one task, the 
host CPU 81 0 may perform anothertask. The host CPU 
810 receives the execution result of the task from the 
SAM 105^ as an interrupt. 

[0261] There are two approaches to reporting the ex- 
ecution result of the task from the SAM 105-, to the host 
CPU 810. One approach is to output an interrupt to the 
host CPU 810 and to request the host CPU 810 to re- 
ceive the result. The other approach is to provide status 
registers (which is referred to as the "SAM status regis- 
ters") in an address space of the SAM 105^ which is ac- 
cessible by the host CPU 810. (A read/write command, 
address information, and data from the host CPU 810 
are carried to the address space.) According to the sec- 
ond approach, the type of task, flags indicating whether 
the task is being waited, executed, or completed, etc. 
can be set in the SAM status register (SAM_SR), and 
the host CPU 810 regularly performs polling (reading 
data) to the SAM status register. 
[0262] AflrstSAMstatusregistersetsaflagindicatIng 
the status of the SAM 105^ read by the host CPU 810. 
[0263] A second SAM status register sets flags des- 
ignating whether the execution of the task from the host 
CPU 810 has been requested. These flags are read by 
the CPU within the SAM 105-,. Based on the priority of 



bus mediation, both the host CPU 810 and the SAM 
105^ are allowed to access the flags set in the first and 
second SAM status registers. 

[0264] More specifically in the first SAM status regis- 
5 ter, flags are set indicating whether the SAM is executing 
the task, has completed the task, or is waiting for a task 
to be executed. The name of the task is also indicated 
in the first SAM status register. The host CPU 810 reg- 
ularly performs polling to access the first SAM status 
10 register. 

[0265] in the secon d SAM status register, flags are set 
indicating whether the execution of a task has been re- 
quested from the host CPU 810 or is in the standby 

mode. 

15 [0266] The I/O write command is first sent from the 
host CPU 810 to the SAM lOS^, which is an I/O device, 
followed by data and address information to be written. 
The address information (data storage location) is 
stored In the common memory space shared by the host 

20 CPU 81 0 and the SAM 1 05i . 

[0267] It is required that the memory address space 
within the SAM 105^ should be invisible from the host 
CPU 810 (tamper- resistance characteristics). Accord- 
ingly, the memory address space within the SAM 105., 

25 should be managed so that only part of a static random 
access memory (SRAM) for a work stack, or part of an 
external flash ROM (electrically erasable programmable 
read only memory (EEPROM)) is visible from the host 
CPU 810. Thus, a large amount of data is written Into 

30 part of the SRAM or part of the EEPROM from the host 
CPU 810, and a small amount of data is written into a 
temporary register within the SAM 105^ which can be 
visible from the host CPU 810. 

[0268] The address of an interrupt routine to be exe^ 

35 cuted by an interrupt is referred to as the "interrupt vec- 
tor". The interrupt vectors are stored in the vector table 
according to the order of the interrupt types. 
[0269] Upon receiving an external interrupt, as shown 
in Fig. 25, according to the interrupt type (number), the 

40 host CPU 81 0 extracts the Interrupt vector from the in- 
terrupt vector table stored In the memory, and executes 
the corresponding routine started from the address (In- 
terrupt vector) as a sub-routine. 
[0270] In this embodiment, in performing one of the 

45 above-described tasks 1 through 3, an extemal interrupt 
occurs from the corresponding I/O device by a physical 
interrupt signal, and the host CPU 81 0 sends a function 
call (procedure call) by using an internal interrupt (soft- 
ware interrupt) to the SAM 105^ and request it to exe- 

50 cute the inten-upt routine (task) according to the interrupt 
type (number). Then, the host CPU 810 receives the ex- 
ecution result of the task and starts to take another ac- 
tion. 

[0271] The internal Interrupt is a software Interrupt 
55 generated from the user program, i.e., the CPU, as il- 
lustrated in Fig. 26. The internal interrupt is generated 
by the execution of an INT command of a machine lan- 
guage. 
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[0272] Details of the function call (procedure call) are 
as follows. 

[0273] An interrupt routine is formed of small func- 
tions, and a command name is defined for each function. 
By designating the command name together with the in- 
terrupt command INT from the user program, the target 
function can be fulfilled. This is referred to as the "func- 
tion call (procedure call)". In this manner, the function 
call is performed through the Internal Interrupt (software 
interrupt). 

[0274] In perfomiing the function call, parameters for 

executing the inten-upt routine are delivered by inputting 
the function call number in the register of the CPU, 
thereby designating the target function. The result Is re- 
turned to the register or the memory, or the correspond- 
ing operation is performed. 

[0275] For example, in executingcode A within the us- 
er program shown in Fig. 27, the host CPU 810 desig- 
nates the interrupt command INT and the command 
name "INT 21 H". and the CPU of the SAM 1 05^ access- 
es the memory area corresponding to the Interrupt type 
"21 H", and also accesses a command analyzer, thereby 
executing the sub-routine of the function 3. 
[0276] The processing statuses of the CPU of the 
SAM 1 05^ are discussed below with reference to Fig. 
28. 

[0277] There are five statuses of the CPU of the SAM 
105^, as illustrated in Fig. 28: a reset status ST1 , an ex- 
ception handling status ST2, a program execution sta- 
tus ST3, a bus-right release status ST4, and a low power 
status ST5. 

[0278] Details of the Individual statuses are as fol- 
lows. 

[0279] The reset status ST1 is a status In which the 
CPU is reset. 

[0280] The exception handling status ST2 Is a transi- 
tional status in which the CPU is shifting the processing 
status due to an external handling factor, such as reset- 
ting or Interrupt processing. In performing interrupt 
processing, by referring to a stack pointer (SP), the 
count value of a program counter (PC) and the value of 
a status register (SR) are temporarily stored in a stack 
area. The address at which the interrupt routine is start- 
ed is then extracted from the exception-handling vector 
table, and the routine is branched to the address, there- 
by starting the program. The status of the CPU is then 
shifted to the program execution status ST3. 
[0281] The program execution status ST3 is a status 
in which the CPU Is sequentially executing programs, 
[0282] The bus-right release status ST4 is a status in 
which the CPU releases the bus to a device which has 
requested a bus right. 

[0283] The low power status ST5 has three modes, 
such as a sleep mode, a standby mode, and a module 
standby mode. 

(1) Sleep mode 

The operation of the CPU Is discontinued, but 



data stored in the Internal register of the CPU, data 
in a built-in cache memory, and data in a built-in 
RAM are retained. The functions of built-in periph- 
eral modules other than the CPU are still working. 
5 The sleep mode is released by resetting, any 

interrupt, or a direct memory access (DMA) address 
error, and is shifted to the program execution status 
ST3 via the exception handling status ST2. 

(2) Standby mode 

10 In the standby mode, the functions of the CPU, 

a built-in module, and an oscillator are completely 
stopped. Data of a built-in cache memory and data 
of a built-in RAM are not retained. The standby 
mode is released by resetting or an external non- 

is maskable interrupt (NMI). After being released, the 
standby mode is shifted to the normal program sta- 
tus via the exception handling status ST2 after the 
lapse of a period required for stabilizing oscillations, 
in the standby mode, since the oscillator is stopped, 

20 power consumption Is considerably reduced. 

(3) Module standby mode 

The supply of a clock to a built-in module, such 
as a DMA, is discontinued. 

25 [0284] The relationship between the host CPU 810 
and the SAM 1 05^ is described below through a memory 
space with reference to Fig. 29. 

[0285] Upon receiving an external interrupt through a 
user's operation on a button, as shown in Fig. 29, a CPU 

30 810a of the host CPU 810 intermpts the execution of the 
user program, and designates the interrupt type so as 
to access the hardware interrupt area of the interrupt 
vector table. Then, the CPU 81 Oa executes the interrupt 
routine stored In the accessed address. The interrupt 

35 routine describes the process for outputting a function, 
call 1-1, 1-2, 2, or 3, which is the intemal interrupt, to 
the SAM 1 05^ so as to request the SAM 1 05^ to execute 
the corresponding task, and for acquiring the execution 
result from the SAM 1 05^ and then returning to the user 

40 program. More specifically, the CPU 810a writes infor- 
mation for specifying the task into an SRAM 1155, which 
forms part of a memory 1 0S^a within the SAM 1 05-, and 
which serves as a common memory for the host CPU 
810 and the SAM 105^. 

45 [0286] In outputting the internal interrupt to the SAM 
105^, the CPU 81 Oa of the host CPU 810 turns on the 
task waiting flag of a second SAM status register 1 1 56b 
within the SAM 105i. 

[0287] A CPU 1 1 00 of the SAM 1 05^ checks the sec- 
50 end SAM status register 1 1 56b and accesses the S RAM 
1155 so as to specify the type of task requested by the 
host CPU 810, thereby executing the corresponding In- 
ten-upt routine. The inten-upt routine is executed by 
reading sub-routines, as stated above, which Include, 
55 for example, mutual authentication with a recording me- 
dium, an AA/ compression/decompression SAM, a me- 
dia drive SAM, an IC card, and the EMD sen^lce center 
1 02, mutual authentication between machines, and cre- 
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atlng and checking of signature data. 
[0288] The CPU 11 00. of the SAM 105i stores the re- 
sult of the interrupt routine (task result) in the SRAM 
11 55, and also turns on the task completion flag of a first 
SAM status register 1156a within the SAM 105^. s 
[0289] After checking that the task completion flag of 
the first SAM status register 1166a is on, the host CPU 
810 reads the task result from the SRAM 1155 and re- 
turns to the processing of the user program. 
[0290] The functions of the SAM 1 05^ are as follows. io 
It should be noted that the functions of the SAMs lOSg 
through 1 064 are similar to those of the SAM 1 05^ . 
[0291] The SAM lOS^ performs accounting process- 
ing for each content, and communicates with the EMD 
service center 1 02. The standards and version of the is 
SAM 1 05^ may be managed by the EMD service center 
1 02. If it is desired by electric home appliance manufac- 
turers that the SAM 1 05^ be loaded in electric home ap- 
pliances, the EMD service center 1 02 may license such 
manufacturers to use the SAM 1 06^ as a black-box ac- 20 
counting module for performing accounting in units of 
contents. For example, the EMD sen/ice center 102 
standardizes the IC, such as the IC interface, of the SAM 
1 05^ without making it known to the manufacturers, and 
the SAM 105^ is loaded In the network device 160^ ac- 25 
cording to the standards. The SAMs 1052 through 1064 
are loaded in the AA^ machines I6O2 through I6O4, re- 
spectively. 

[0292] The processing content of the SAM 105^ Is 
completely shielded from an external source and is thus 30 
protected from being externally monitored or tampered. 
The SAM 1 05-, is a function module which is implement- 
ed by executing a tamper- resistant hardware module 
(for example, an IC module) In which prestored data or 
currently processing data cannot be tampered with, or 35 
by executing software (private program) by the CPU. 
[0293] If the functions of the SAM 105^ are imple- 
mented by an IC, a private memory is disposed within 
the IC, and a private program and private data are stored 
in the private memory. If the functions of the SAM 105., 40 
are incorporated into part of a machine rather than being 
implemented by using a physical form, such as an IC, 
the portion incorporating the functions may be defined 
as a SAM. 

[0294] In the example of the network device 160^ 45 
shown in Fig. 22, the secure container 104 is output from 
the communication module 1 62 to the SAM 1 05^, as in- 
dicated by the solid line. However, as indicated by the 
one-dot chain lines, the key file KF may be output from 
the communication module 162 to the SAM 105^, and so 
the content file CF may be directly written into the down- 
load memory 1 67 from the communication module 1 62 
via a CPU bus. 

[0295] The content data C may be output to the A/V 
compression/decompression SAM 1 63 directly from the ss 
download memory 167 by skipping the SAM 105^. 
[0296] The functions of the SAM 1 05^ are specifically 
described below with reference to the functional block 



of Fig. 30. 

[0297] Fig. 30 illustrates the data flow for receiving the 
secure container 1 04 from the content provider 1 01 and 
processing for decoding the key file KF within the secure 
container 1 04. 

[0298] The SAM 105^ includes, as shown in Fig. 30, 
a mutual authentication unit 170, encryption/decryption 
(decoding) units 171, 172, and 173, a content provider 
manager 1 80, a download memory manager 1 82, an A/ 
V compression/decompression SAM manager 1 84, an 
EMD service center manager 185, a usage monitor 186, 
an accounting processor 187, a signature processor 
1 89, a SAM manager 1 90, a storage unit 1 92, a medium 
SAM manager 197. a work memory 200, an external 
memory manager 811, and a CPU 1100. 
[0299] The CPU 1100 receives the internal interrupt 
S810 from the host CPU 810 and controls the entire 
processing within the SAM 106^. 
[0300] The correlation of the components of the SAM 
1 05^ and the elements of the present invention is as fol- 
lows. The content provider manager 1 80 and the down- 
load memory manager 1 82 correspond to input process- 
ing means, the accounting processor 187 corresponds 
to determining means, log data generation means, and 
UCS data generation means, the encryption/decryption 
(decoding) unit 172 corresponds to decoding means, 
and the usage monitor unit 186 corresponds to usage 
control status means. The encryption/decryption (de- 
coding) unit 173 corresponds to encryption means. A 
medium drive SAM manager 855 shown in Fig. 45, 
which is discussed below, corresponds to recording 
control means. The signature processor 189 corre- 
sponds to signature processing means. 
[0301 ] As discussed above, the individual functions of 
the SAM 1 05^ are implemented by executing the private 
program by the CPU or by operating predetermined 
hardware. The hardware configuration of the SAM 1 0S^ 
is discussed below. 

[0302] In the external memory 201 of the network de- 
vice 160-,, as shown in Fig. 31 , the usage log data 108 
and the SAM registration list are stored. 
[0303] The memory space of the external memory 
201 is invisible from an external source of the SAM 1 05^ 
(for example, the host CPU 810), and only the SAM 1 05^ 
is allowed to manage access to the storage area of the 
external memory 201. As the external memory 201, a 
flash memory or a ferroelectric memory (FeRAM) may 
be used. 

[0304] As the wort< memory 200, an SRAM may be 
used. The work memory 200 may include, as shown in 
Fig. 32, the content key data Kc, the UCP data 1 06, lock 
key data Klqc the storage unit 192, the public key 
certificate CERcp of the content provider 101 , the UCS 
data 166, and the SAM program download containers 
SDC-, through SDC3, which are stored in the secure con- 
tainer 104. 

[0305] As one of the functions of the SAM 1 05^, the 
processing executed by the functional blocks when the 
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secure container 1 04 is received (downloaded) from the 
content provider 101 is described below with reference 
to Fig. 30. This processing is centrally controlled by the 
CPU 1100 which has received the Internal interrupt 
S81 0 for downloading the content from the host CPU s 
810. 

[0306] In sending and receiving data online by the 
SAM 105i with the content provider 101 and the EMD 
service center 102, the nnutual authentication unit 170 
performs mutual authentication with the content provid- io 
er 1 01 and the EMD service center 1 02 to generate ses- 
sion key data (common key data) Ks^s- ^"^^ outputs it 
to the encryption/decryption (decoding) unit 171. The 
session key data Kqes is newly created every time mu- 
tual authentication Is conducted. is 
[0307] The encryption/decryption (decoding) unit 1 71 
encrypts and decrypts the data sent to and received 
from the content provider 1 01 and the EMD service cent- 
er 1 02 by using the session key Kses created by the 
mutual authentication unit 170. so 
[0308] If the download memory 1 67 shown in Fig. 22 
is provided with a medium SAM 167a, as shown in Fig. 
22, mutual authentication Is performed between the mu- 
tual authentication unit 170 and the medium SAM 167a. 
Then, the download memory manager 1 82 encrypts the 25 
content by using the session key data Kses obtained by 
mutual authentication, and writes the encrypted data in- 
to the download memory 1 67 shown in Fig. 22. As the 
download memory 167, a non-volatile semiconductor 
memory, such as a Memory Stick may be used. 30 
[0309] If a memory without a mutual authentication 
function, such as a hard disk drive (HDD), shown in Fig. 
33, is used as a download memory 211 , the download 
memory 211 is unsecured. Accordingly, the content file 
CF is downloaded into the download memory 211 , and 35 
the highly secret key file KF is downloaded Into, for ex- 
ample, the work memory 200 shown in Fig. 30 or the 
external memory 201 shown in Fig. 22. 
[0310] In storing the key file KF In the external mem- 
ory 201 , the SAM 1 05^ encrypts it by using message 40 
authentication code (MAC) key data K^ac ^^C 
mode and stores it in the external memory 201 , and also 
stores part of the final block of the ciphertext in the SAM 
105i as a MAC value. In reading the key file KF from 
the external memory 201 to the SAM 1 05^ , the read key 45 
file KF is decrypted with the MAC key data K^^^c. and 
then, the resulting MAC value is compared with the 
stored MAC value, thereby verifying the integrity of the 
key file KF In this case, Instead of the MAC value, a 
hash value may be used. so 
[0311] The encryption/decryption (decoding) unit 1 72 
decodes the content key data Kc, the UCP data 106, 
and the SAM program download containers SDC^ 
through SDC3 within the key file KF stored in the secure 
container 104 received from the download memory ss 
manager 1 82 by using the license key data KD^ through 
KD3 of corresponding periods read from the storage unit 
192. 



[0312] The decoded content key data Kc, the UCP da- 
ta 106, and the SAM program download containers 
SDC^ through SDC3 are written Into the work memory 
200. 

[031 3] The EMD service center manager 1 85 manag- 
es communication with the EMD service center 102 
shown in Fig, 1. 

[031 4] The signature processor 1 89 verifies the integ- 
rity of the signature data within the secure container 1 04 
by using the public k6y data K^scp °^ ^MD service 
center 1 02 and the public key data K^p p of the content 
provider 1 01 read from the storage unit 192. 
[0315] The storage unit 1 92 has the following data, as 
shown in Fig. 34, as private data protected from being 
read or written from outside the SAM 1 05^: a plurality of 
license key data KD^ through KD3 having effective 
dates, a SAMJD, a user ID, a password, an identifier 
HNG_ID of a home network group to which the SAM 
105i belong, an information reference ID, a SAM regis- 
tration list, a revocation list of devices and recording me- 
dia, storage key data Ksjr, public key data Kr.ca.p ^ 
route CA, public key data K^scp of the EMD service 
center 1 02, a source key data for mutual authentication 
with a driving SAM (when the common. key cryptosys- 
tem is employed), a public key certificate of a driving 
SAM (when the private key cryptosystem is employed), 
private key data Ksami.s the SAM 105^ (when the 
common key cryptosystem is employed), a public key 
certificate CERqami which the public key data 
Ksamlp SAM 1051 is stored (when the private 

key cryptosystem is employed), signature data SiG22 of 
a public key certificate CER^sc obtained by using the 
private key data K^scs ^MD service center 1 02, 
source key data for mutual authentication with the A/V 
compression/decompression SAM 163 (when the com- 
mon key cryptosystem is employed), source key data 
for mutual authentication with the medium SAM (when 
the common key cryptosystehi is employed), public-key 
certificate data CERmedsam o^the medium SAM (when 
the public key cryptosystem is employed), the signal 
source which can be handled, the compression method, 
the display performance of a monitor to be connected, 
the format conversion function, the presence or ab- 
sence of a bit stream recorder, rights processing (profit 
distribution) data, an ID of related entitles which receive 
profits, etc. 

[0316] In Fig. 34, the items of data having the symbol 
* marked at the left side are stored in the storage unit 
192 when shipping the SAM 105i, and the other Items 
of data are stored In the storage unit 1 92 when user reg- 
istration is performed after shipping the SAM 105^. 
[0317] A private program for implementing at least 
part of the functions shown In Fig. 30 is also stored in 
the storage unit 1 92. 

[0318] As thestorage unit 192, aflash-EEPROM may 
be used. 
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Processing to be executed when license key data is 
received 

[0319] A description is now given, with reference to 
Figs. 33 and 35, of the process within the SAM 105^ 5 
when storing the license key data KD^ through KD3 re- 
ceived from the EMD service center 1 02 in the storage 
unit 192. 

[0320] Fig. 35 is a flow chart illustrating the process 
within the SAM 1051 when storing the license key data 10 
KD-, from the EMD service center 102 through KD3 in 
the storage unit 192. 

[0321] In step S35-0, the CPU 1100 of the SAM 105^ 
receives the internal interrupt 881 0 Indicating an in- 
struction to receive the license key data from the host ?5 
CPU 810. 

[0322] In step S35-1, mutual authentication is per- 
formed between the mutual authentication unit 170 of 
the SAM 105i and the EMD service center 102. 
[0323] Then. In step S35-2, the license key data KD^ 20 
through KD3 for three months and the corresponding 
signature dataSIGKo-, ^sc through SIG^ds^esc encrypt- 
ed with the session key data Kg^g obtained by mutual 
authentication perfonned in step S35-1 are written from 
the EMD service center 1 02 to the work memory 200 via 25 
the EMD service center manager 1 85. 
[0324] In step 335-3, the encryption/decryption (de- 
coding) unit 171 decrypts the license key data KD^ 
through KD3 and the signature data SIG^di. esc through 
2'^KD3,ESC using the session key data \<seS' 
[0325] Subsequently, in step S35-4, the signature 
processor 1 89 verifies the integrity of the signature data 
S'^KDi.Esc through SIGkds.esc stored in the work 
memory 200 and then writes the license key data KD^ 
through KD3 in the storage unit 1 92. 35 
[0326] In step S35-5, the CPU 1 1 00 reports the result 
of the processing for receiving the license key data to 
the host CPU 810 through an external interrupt. 
[0327] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 40 
described receiving processing has been correctly per- 
formed, in which case, the host CPU 81 0 may read the 
flag by polling. 

Processing to be executed when the secure container ^5 
104 is received from the content provider 1 01 

[0328] A description is now given of, with reference to 
Figs. 30 and 36, of the flow within the SAM 105^ when 
receiving the secure container 1 04 from the content pro- so 
vider 101 . 

[0329] In the example described below, the content 
file CF is written Into the download memory 1 67 via the 
SAM 105^. In the present invention, however, the con- 
tent file CF may be directly written Into the download ss 
memory 167 without passing through the SAM ^05^. 
[0330] Fig. 36 is a flow chart illustrating the process 
within the SAM 1 05^ when receiving the secure contain- 



er 1 04 from the content provider 1 01 , 
[0331] In the subsequent example, the SAM 105^ ver- 
ifies the various items of signature data when receiving 
the secure container 104. Alternatively, the signature 
data may be verified when the purchase/usage mode is 
detemriined. 

[0332] In step S36-0, the CPU 1 1 00 of the SAM 1 05^ 
shown in Fig. 30 receives from the host CPU 810 the 
internal interrupt S810 indicating an instruction to re- 
ceive the secure container 1 04. 
[0333] In step S36-1 , mutual authentication Is con- 
ducted between the mutual authentication unit 170 of 
the SAM 1 05^ and the content provider 101. 
[0334] Then, in step S36-2, mutual authentication is 
perfonned between the mutual authentication unit 170 
of the SAM 105^ and the medium SAM 167a of the 
download memory 167. 

[0335] In step S36-3, the secure container 104 re- 
ceived from the content provider 1 01 is written into the 
download memory 167. Simul-taneously, the secure 
container 104 is encrypted in the mutual authentication 
unit 170 and is decrypted in the medium SAM 167a by 
using the session key data obtained in step S36-2. 
[0336] Subsequently, in step S36-4, the SAM 1 05^ de- 
codes the secure container 1 04 with the use of the ses- 
sion key data obtained in step S36-1 . 
[0337] In stepS36-5, afterverifying the signature data 
SIG1 ESC indicated by Fig. 3C, the signature processor 
189 verifies the signature data SIG3 Qp and SIGy^p by 
using the public key data K^pp of the content provider 
101 stored in the public-key certificate data CER^p 
shown in Fig. 3C. 

[0338] When the signature data SIGg^p "s verified, 
the integrity of the creator and the sender of the content 
file CF is verified. 

[0339] When the signature data SIG^^p is verified, 
the sender of the integrity of the key file KF is verified. 
[0340] Thereafter, in step S36-6, the signature proc- 
essor 189 checks the Integrity of the signature data 
SIGki,esc within the key file KF shown in Fig. 3B, I.e., 
the integrity of the creator of the key file KF, by using the 
public key data K^scp ^^^^ from the storage unit 192, 
and also checks whether the key file KF Is registered in 
the EMD sen/ice center 102. 

[0341] In step S36-7, the encryption/decryption (de- 
coding) unit 1 72 decrypts (decodes) the content key da- 
ta Kc, the UCP data 106, and the SAM program down- 
load containers SDC^ through SDC3 within the key file 
KF shown in Fig. 3B by using the license key data KD^ 
through KD3 of corresponding periods read from the 
storage unit 1 92, and writes them into the work memory 
200. 

[0342] Then, in step S36-8, the CPU 1100 reports to 
the host CPU 81 0 through an extemal Interrupt whether 
the secure container 104 has been correctly received. 
Alternatively, the CPU 1100 may set a flag In the SAM 
status register indicating whether the secure container 
104 has been appropriately received, and the host CPU 
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810 may read the flag by polling. 
[0343] The processing performed by the individual 
functional blocks for purchasing and using the content 
data C downloaded into the download memory 167 is 
described below with reference to Fig. 37. 
[0344] The processing of the functional blocks are 
centrally controlled by the CPU 11 00 which receives the 
Internal interrupt S810 from the host CPU 810. 
[0345] The usage monitor 186 reads the UCP data 
106 and the UCS data 166 from the work memory 200, 
and monitors the situation to make sure that the content 
is purchased and used within the license restricted by 
the UCP data 106 and the UCS data 166. 
[0346] As stated with reference to Fig. 36, the UCP 
data 1 06 is stored in the key file KF in the work memory 
200 after being decoded. 

[0347] The UCS data 1 66 is stored in the work mem- 
ory 200 when the purchase mode is detennined by the 
user, as discussed below. The UCS data 166 includes 
the user ID who has purchased the content data C, the 
tracing Information, etc., i.e., the same data as the UCP 
data 106 shown in Fig. SB, exceptforthe UCS Informa- 
tion Indicating the purchase mode determined in the pur- 
chase-mode determining processing. 
[0348] In receiving the internal interrupt 881 0 indicat- 
ing an instruction to determine the purchase mode or 
the usage mode of the content from the CPU 81 0 shown 
in Fig. 22, the accounting processor 1 87 creates the cor- 
responding usage log data 108. 
[0349] As stated above, the usage log data 108 indi- 
cates the history of the purchase and usage modes of 
the secure container 1 04 made by the user, and is used 
when performing the settlement processing and deter- 
mining the license fee by the EMD sen/ice center 1 02 
according to the purchase of the secure container 1 04. 
[0350] The accounting processor 1 87 infomns the us- 
er of the sales price or the SRP read from the work mem- 
ory 200 if necessary. The sales price and the SRP are 
contained within the decoded UCP data 106 of the key 
file KF shown in Fig. 3B stored in the work memory 200. 
[0351] The accounting processing by the accounting 
processor 1 87 is performed under the monitoring of the 
usage monitor 186 based on the rights, such as the li- 
cense agreement conditions, represented by the UCP 
data 106, and the UCS data 166. That is, the user pur- 
chases and uses the content within the allowance of the 
rights. 

[0352] The accounting processor 187 also creates, 
based on the internal interrupt 8810, the UCS data 1 66 
indicating the purchase mode of the content determined 
by the user, and writes it into the work memory 200. 
[0353] In this embodiment, after the purchase mode 
is detennined, the UCS data 166 is stored in the work 
memory 200. However, the UCS data 1 66 and the con- 
tent key data Kc may be stored in the external memory 
201 . As the external memory 201 , a flash memory, which 
is a non-volatiie RAM, may be used, as stated above. 
In writing the UCS data 166 and the content key data 



Kc into the external memory 201 , integrity check is per- 
formed for verifying the integrity of the external memory 
201 , in which case, a storage area of the external mem- 
ory 201 is divided into a plurality of blocks, and a hash 
5 value is detennined for each block by using SHA-1 or 
MAC, and the determined hash values are controlled in 
the SAM 105v 

[0354] Instead of determining the purchase mode in 
the SAIVl 1 05^ , the secure container 1 04 may be trans- 

10 ferred to another SAM, such as SAM 1052 through "'^^4' 
in which case, the UCS data 1 66 is not created. 
[0355] The purchase modes of the content include, for 
example, "sell through" in which no restriction is im- 
posed on playback operation by the purchaser and cop- 

IS ying forthe use of the purchaser, "time limited" in which 
the period of use is restricted, "pay per play" in which 
charging incurs every time the content is played back, 
"pay per SCMS" in which charging incurs every time the 
copied content is played back in a SCMS device, "sell 

20 through SCMS copy" in which copying in a SCMS device 
is allowed, and "pay per copy N without copy guard" in 
which charging incurs every time the content is played 
back without setting a copy guard. 
[0356] The UCS data 166 is created when the user 

25 detemnines the purchase mode of the content, and is 
thereafter used for controlling so that the purchase uses 
the content within the allowance of the determined pur- 
chase mode. The UCS data 166 includes the content 
ID, the purchase mode, the price according to the pur- 

30 chase mode, a SAM_ID of the SAM which has pur- 
chased the content, and a user_ID of the user who has 
purchased the content. 

[0357] If the determined purchase mode is "pay per 
play", "pay per SCMS", or "pay per copy N without copy 

35 guard", upon purchasing the content data C, the SAM 
1 05-, may send the UCS data 1 66 to the content provider 
101 in real time, and the content provider 101 may in- 
struct the EMD service center 1 02 to fetch the usage log 
data 108 within a predetermined period. 

40 [0358] If the determined purchase mode is "sell 
through", the UCS data 1 66 may be sent to both the con- 
tent provider 1 01 and the EMD service center 1 02 in real 
time. Thus, in this embodiment, regardless of the pur- 
chase mode, the UCS data 166 is sent to the content 

45 provider 1 01 in real time, 

[0359] The EMD service center manager 1 85 regular- 
ly sends the usage tog data 1 08 read from the external 
memory 201 via the external memory manager 81 1 to 
the EMD service center 1 02. 

so [0360] In this case, the signature processor 189 cre- 
ates the signature data SIGgoo.sAMi usage log da- 
ta 108 by using the private key data Kg^^^^-, and the 
EMD sen^ice center manager 185 sends the signature 
data SIG200.SAM1 together with the usage log data 108 

55 to the EMD service center 1 02. 

[0361] The EMD service center manager 185 may 
send the usage tog data 1 08 regularly in response to a 
request from the EMD sen/ice center 102, or when his- 
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tory information in the usage log data 108 exceeds a 
predetermined amount. The amount of history informa- 
tion is determined according to, for example, the storage 
capacity of the external memory 201 . 
[0362] When the CPU 1100 receives the internal in- s 
terrupt S810 indicating an instruction to play back the 
content from the host CPU 810 shown in Fig. 22, the 
download memory manager 1 82 outputs the content da- 
ta C read from the download memory 167, the content 
key data Kc read from the work memory 200, and user io 
digital information data 196 Input from the accounting 
processor 1 87 to the AA/ compression/decompression 
SAM manager 184. 

[0363] Upon receiving the internal interrupt S810 in- 
dicating an instruction to listening to the content for dem- '5 
onstration, the down load-memory manager 1 82 outputs 
the contentf lie CF read from the download memory 1 67, 
the content key data Kc and partially disclosing param- 
eter data 1 99 read from thie work memory 200 to the A/ 
V compression/decompression SAM manager 184. 20 
[0364] The partially disclosing parameter data 1 99 is 
described in the UCP data 106, and indicates the han- 
dling of the content in the demonstration mode. This en- 
ables the A/V compression/decompression SAM 1 63 to 
play back the encrypted content data C in a partially dis- 25 
closing state based on the partially disclosing parameter 
data 199. As the partially disclosing techniques, the fol- 
lowing techniques are available. By utilizing the fact that 
the AA/ compression/decompression SAM 163 proc- 
esses data (signal) in units of predetermined blocks, 30 
some blocks are decoded by using the content key data 
Kc, and some blocks are not decoded by using the con- 
tent key data Kc according to the partially disclosing pa- 
rameter data 1 99. Or, the playback functions in the dem- 
onstration mode are restricted, orthe period for listening 3S 
to the content for demonstration Is limited. 

Processing for determining the purchase mode of the 
downloaded secure container 

40 

[0365] A description is now given, with reference to 
Figs. 37 and 38, of the process of the SAM 1 05^ for de- 
termining the purchase mode of the secure container 
104 downloaded from the content provider 101 to the 
download memory 167. 45 
[0366] In the subsequent processing, in determining 
the purchase mode of the secure container 1 04, the sig- 
nature data within the secure container 104 is not veri- 
fied (as stated above, the signature data is verified when 
receiving the secure container 104). However, the sig- so 
nature data may be checked in determining the pur- 
chase mode. 

[0367] Fig. 38 is a flow chart Illustrating the process 
for determining the purchase mode of the secure con- 
tainer 1 04 downloaded from the content provider 101 to ss 
the download memory 167. 

[0368] In step S38-0, the CPU 1100 of the SAM 105^ 
shown in Fig. 37 receives from the host CPU 810 the 



internal interrupt S810 Instructing the SAM 105^ to de- 
termine the purchase mode of the content. 
[0369] The CPU 1100 then detemiines in step S38-1 
whether the internal interrupt S810 from the host CPU 
810 indicates the demonstration mode, and if so, the 
CPU 1100 executes the processing of step S38-2. If not, 
the CPU 1100 executes the processing of step S38-5. 
[0370] In step S38-2, the content key data Kc and the 
partially disclosing parameter data 199 read from the 
work memory 200 are output to the AA/ compression/ 
decompression SAM 163 shown in Fig. 22. Simultane- 
ously, after performing mutual authentication between 
the mutual authentication unit 1 70 of the SAM 1 05^ and 
a mutual authentication unit 220 of the A/V compres- 
sion/decompression SAM 163, the content key data Kc 
and the partially disclosing parameter data 1 99 are en- 
crypted and decrypted by using the session key data 

[0371] In step S38-3, upon receiving the internal in- 
terrupt S810 indicating the demonstration mode from 
the host CPU 810, the CPU 1100 outputs the content 
file CF stored in the download memory 167 to the A/V 
compression/decompression SAM 1 63 shown in Fig. 22 
via the A/V compression/decompression SAM manager 
184. 

[0372] Simultaneously, mutual authentication for the 
content file CF is conducted between the mutual authen- 
tication unit 170 and the medium SAM 167a of the down- 
load memory 167, and the content file CF is encrypted 
and decoded with the session key data Kg^g. Also, mu- 
tual authentication for the content file CF is performed 
between the mutual authentication unit 1 70 and the mu- 
tual authentication unit 220, and the content file CF is 
encrypted and decoded with the session key data Kg^g. 
[0373] The content file CF is decoded with the session 
key data Kg^s ^ decoder 221 of the A/V compression/ 
decompression SAM 163 shown in Fig. 22, and is then 
output to a decoder 222. 

[0374] Then, in step S38-4, the decoded partially dis- 
closing parameter data 199 is output to a partially dis- 
closing processor 225 of the /W compression/decom- 
pression SAM 163, and the content data C is decoded 
in a partially disclosing state by the decoder 222 using 
the content key data Kc under the control of the partially 
disclosing processor 225. 

[0375] The partially disclosed decoded content data 
C is decompressed in a decompression unit 223, and is 
output to a digital-watemnark information processor 224. 
[0376] In the digital-watermark Information processor 
224, the user digital information data 1 96 is embedded 
into the content data C, and then, the content data C is 
played back in the playback module 1 69 so as to output 
sound corresponding to the content data C, 
[0377] The digital-watennark infonnatlon processor 
224 also detects the digital watermark information em- 
bedded in the content data C, and determines whether 
the processing should be discontinued based on the de- 
tection result. 



26 



51 



EP 1 130 492 A2 



52 



[0378] In step S38-5, when the user determines the 
purchase mode by operating the operation unit 1 65, the 
internal interrupt S81 0 corresponding to the determined 
purchase mode is output from the host CPU 810 to the 
SAM 106i. 

[0379] Subsequently, in step S38-6, the accounting 
processor 187 of the SAM 105-| creates the usage log 
data 1 08 and the UCS data 1 66 according to the deter- 
mined purchase mode, and writes the usage log data 
1 08 to the external memory 201 via the external memory 
manager 81 1 and also writes the UCS data 1 66 to the 
work memory 200. 

[0380] Thereafter, the usage monitor 186 controls 
(monitors) the situation to make sure that the purchase 
and use of the content are controlled within the condi- 
tions allowed by the UCS data 166. 
[0381] In step S38-7, a new key file KF^ shown In Fig. 
3gC, which is discussed below, is created, and is stored 
In the download memory 1 67 or another memory via the 
download memory manager 1 82. 
[0382] The UCS data 1 66 stored in the key file KF^ is 
encrypted, as shown In Fig. 39C, with the storage key 
data Kgypi and medium key data K^^q by utilizing the 
CBC mode of the DES. 

[0383] The storage key data Ksjp is data determined 
by the type of machine, such as a super audio compact 
disc (SACD) machine, a digital versatile disc (DVD) ma- 
chine, a compact disc recordable (CD-R) machine, or a 
mini disc (MD) machine, and is used for corresponding 
one type of machine to one type of recording medium. 
The medium key data K^^^ed clata unique to the record- 
ing medium. 

[0384] In step S38-8, in the signature processor 189, 
the hash value H|^^ of the key file KF^ is created by using 
the private key data Kqami.s the SAM 105^, and is 
written into the work memory 200 in correspondence 
with the key file KF^. The hash value H^^ Is used for 
verifying the integrity of the key file KF^ andlhe identity 
of the creator of the key file KF^. 

[0385] In sending the content data C with the pur- 
chase mode determined online or via a recording medi- 
um, a secure container 1 04p is created, as Illustrated in 
Figs. 39A through 39D, which stores the key file KF^ and 
hash value H^i therefor, the content file CF and signa- 
ture data SIGg CP therefor, the key file KF and signature 
data SIG7 cp» the public-key certificate data CERqp and 
signature data SIG^ ^50 therefor, and public-key certif- 
icate data CERqa,^^ and signature data SIG22.ESC 
therefor. 

[0386] As discussed above, upon determining the 
purchase mode of the secure container 1 04p, the UCS 
data 1 66 is created and is stored in the work memory 
200. If the purchase mode of the same secure container 
104p Is re-detemriined in the SAM lOS^, the UCS data 
166 stored in the work memory 200 is updated accord- 
ing to the external interrupt (operation signal) 8165. 
[0387] Then, in step 338-9, the CPU 1100 checks 
whether the above-described purchase-mode deter- 



mining processing has been correctly executed, and re- 
ports the corresponding infonnation to the host CPU 81 0 
via an external inten-upt. 

[0388] Alternatively, the CPU 1100 may set a flag In 
5 the SAM status register Indicating whether the above- 
described purchase-mode determining processing has 
been correctly executed, In which case, the host CPU 
810 reads the flag by polling. 

10 Playback processing of content data 

[0389] A description is given below, with reference to 
Fig. 40, of the process for playing back the content data 
C, for which the purchase mode is determined, stored 
^5 in the download memory 1 67. 

[0390] This processing Is executed, assuming thatthe 
UCS data 1 66 Is stored In the work memory 200 by the 
aforementioned purchase-mode determining process- 
ing. 

[0391] In step S40-0, the CPU 1 1 00 of the SAM 1 05^ 
shown in Fig, 37 receives the Internal interrupt S810 in- 
dicating an instruction to play back the content from the 
host CPU 810. 

[0392] In step S40-1 , the UCP data 1 66 is read from 
the work memory 200 to the usage monitor 1 86, and the 
usage monitor 186 interprets and verifies the playback 
conditions described in the UCP 166, and monitors the 
situation so that the subsequent playback operation is 
performed based on the UCP data 166. 
[0393] Then, in step S40-2, mutual authentication is 
performed between the mutual authentication unit 170 
shown In Fig. 37 and the mutual authentication unit 220 
of the AA/ compression/decompression SAM 163 
shown In Fig. 22, and the session key data Kggs 
shared therebetween. 

[0394] In step S40-3, the playback conditions inter- 
preted and verified in step S40-1 and the content key 
data Kc read from the work memory 200 are encrypted 
by using the session key data Ks^s obtained in step 
S40-2, and are output to the A/V compression/decom- 
pression SAM 163. 

[0395] Accordingly, the playback conditions and the 
content key data Kc are decoded with the session key 
data KsEs in the decoder 221 of the AA/ compression/ 
decompression SAM 163 shown In Fig. 22. 
[0398] Subsequently, In step S40-4, the content file 
CF read from the download memory 1 67 is encrypted 
by using the session key data K^^q, and is then output 
to the A/V compression/decompression SAM 1 63. 
[0397] Accordingly, the content file CF is decoded 
with the session key data Kses in the decoder 221 of 
the A/V compression/decompression SAM 1 63. Subse- 
quently, the content data C within the content file CF is 
decompressed in the decompression unit 223 of the A/ 
V compression/decompression SAM 163, and the user 
digital watermark information is embedded Into the de- 
compressed content data C In the digital-watermark in- 
fonnation processor 224. Then, the content data C is 
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played back in the playback module 169. 
[0398] In step S40-5, the UCS data 1 66 read in step 
S40-1 is updated if necessary, and the updated UCS 
data 1 66 is again written into the work memory 200. The 
usage log data 108 stored in the external memory 201 
is updated or newly created. 

[0399] The CPU 11 00 then detennines in step S40-6 
whether the content playback processing has been cor- 
rectly perfonned, and reports the result to the host CPU 
810 through an external internjpt. 
[0400] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the content 
playback processing has been correctly performed, and 
the host CPU 810 may read the flag by polling. 

Processing to be executed when the USC data 1 66 of 
one machine is utilized for re-purchasing the content In 
another machine 

[0401] After determining the purchase mode of the 
content file CF downloaded into the download memory 
167 of the network device 1601 , a new secure container 
1 04x storing the content file CF is created, as shown in 
Fig. 41 , and is transferred to the SAM lOSg of the AA/ 
machine I6O2 via the bus 191 . The processing to be ex- 
ecuted in the SAM 105^ in the above-described opera- 
tion is discussed below with reference to Figs. 42 and 
43. 

[0402] The processing shown in Fig. 43 is executed, 
assuming that the key file KF., and the hash value H^i 
shown in Fig. 44C are stored in the work memory 200 
of the SAM 105^ by the above-described purchase 
processing. 

[0403] In step 843-1, according to the user's opera- 
tion performed on the operation unit 165, the CPU 11 00 
of the SAM 105^ shown in Fig. 42 receives the internal 
interrupt S810 indicating an instruction to transfer the 
secure container 1 04x, for which the purchase mode is 
detennined, to the SAM lOSg. Accordingly, the account- 
ing processor 187 updates the usage log data .108 
stored in the external memory 201 . 
[0404] Then, in step S43-2, the SAM 1 05^ checks the 
SAM registration list, which is discussed below, to verify 
the official registration of the SAM 1052, which is to re- 
ceive the secure container 104x. If so, the SAM 105^ 
perfomns the processing of step S43-3. The SAM 105., 
also determines whether the SAM lOSg is a SAM within 
the home network. 

[0405] In step S43-3, the mutual authentication unit 
170 shares the session key data KgEs obtained after 
perfonning mutual authentication with the SAM 1052- 
[0406] I n step S43-4, the SAM manager 1 90 reads the 
content file CF and the signature data SIGg shown in 
Fig. 39A from the download memory 211, and controls 
the signature processor 189 to accordingly create sig- 
nature data SIG41 SAM1 by using the private key data 
KsAMi of the SAM '1 05^ . 

[0407] Then, in step S43-5, the SAM manager 190 



reads the key file KF and the signature data SIGycp 
shown in Fig. 39B from the download memory 211 , and 
controls the signature processor 1 89 to accordingly cre- 
ate signature data SIG42 sami by using the private key 
5 data KsAMi SAM 1 05^. 

[0408] Thereafter, in step S43-6, the SAM manager 
190 creates the secure container 104x shown in Figs. 
44A, 44B, and 44C. 

[0409] In step S43-7, the secure container 1 04x is en- 

10 crypted with the session key data Kqes obtained in step 
S43-3 in the encryption/decryption (decoding) unit 1 71 . 
[0410] Subsequently, in step S43-8, the SAM manag- 
er 190 outputs the secure container 104x to the SAM 
1 062 of the AA/ machine 1 6O2 shown in Fig. 41 . In this 

IS case, simultaneously with mutual authentication be- 
tween the SAM 1 05^ and the SAM 1 0Sg, mutual authen- 
tication for the IEEE-1394 serial bus 191 is perfonned. 
[0411] Then, in step S43-9, the CPU 1100 determines 
whether the secure container 104x, for which the pur- 

20 chase mode is determined, has been con'ectly trans- 
ferred to the SAM 1052, and reports the result to the host 
CPU 810 through an external intermpt. 
[0412] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the secure 

25 container 104x has been correctly transferred to the 
SAM 1052, and the host CPU 810 may read the flag by 
polling. 

[0413] A description is now given, with reference to 
Figs. 45, 46, and 47, of the process executed within the 
30 SAM 1052 when the secure container 104x shown in 
Figs. 44A through 44D received from the SAM 105^ is 
written into the recording medium (RAM) 1304(Fig, 14), 
as illustrated in Fig. 41 . 

[0414] Figs. 46 and 47 are a flow chart illustrating the 

35 above-described process. 

[0415] As shown in Figs. 1 4 and 41 , the recording me- 
dium (RAM) 1 3O4 has the unsecured RAM area 1 34, the 
medium SAM 133, and the secure RAM area 132. 
[0416] Referring to Fig. 46, in step S46-0, the CPU 

40 1100 shown in Fig. 45 receives, from the host CPU 810 
of the network device 1 6O2 shown in Fig. 41 , the internal 
interrupt S81 0 indicating an instruction to receive the se- 
cure container 104x from the network device 160^ 
[0417] In step S46-1 , the SAM 1 062 checks the SAM 

45 registration list to detemriine whether the SAM 105^, 
which sends the secure container 104x, is officially reg- 
istered. If so, the SAM 1 063 performs the processing of 
step S46-2. The SAM lOSg also checks whether the 
SAM 1 05^ is a SAM within the home network, 

50 [0418] In response to the processing of the above-de- 
scribed step S43-3 shown in Fig. 43, the SAM 1052 
shares the session key Kq^q acquired by performing 
mutual authentication with the SAM 105^. 
[0419] In step S46-3, the SAM manager 190 of the 

55 SAM 1052 receives, as shown in Figs. 41 and 45, the 
secure container 104x from the SAM lOS^ of the net- 
work device 1 60^ . 

[0420] In step S46-4, the encryption/decryption (de- 
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coding) unit 1 71 of the SAM lOSg decodes the secure 
container 104x received via the SAM manager 190 by 
using the session key data Kses obtained in step S46-2. 
[0421] Then, in step S46-5, the content file CF within 
the secure container 104x decoded by the session key s 
data Kg^s undergoes processing in the medium drive 
SAM manager 855 shown in Fig. 45, such as sectoriz- 
ing, adding a sector header, scrambling, error-correct- 
ing code (ECC) encoding, modulating, and synchroniz- 
ing, and is then stored in the RAM area 134 of.the re- io 
cording medium (RAM) 13O4. 

[0422] In step S46-6, the signature data SIGg Qp and 
SIG.1 

SAM1> '^^y signature data 

SIG7 CP and SIG42_sAMi' key file KF^ and the 

hash value thereof H^^, the public key signature data ^5 
CEBqp and the signature data SIG^ ^sc therefor, and 
the public key signature data CERsami the signa- 
ture data SIG22.ESC therefor within the secure container 
1 04x, all of which are decoded with the session key data 
Kses- s*"® written Into the work memory 200. 20 
[0423] Subsequently, in step S46-7, the signature 
processor 1 89 verifies the integrity of the public-key cer- 
tificate data CERcp and CERqami using the public 
key data K^p p read from the storage unit 1 92. The sig- 
nature processor 1 89 also checks the Integrity of the sig- 25 
nature data SIGg cp by using the public key data K^pp 
stored in the public-key certificate data CERsami so as 
to verify the integrity of the creator of the content file CF. 
The signature processor 189 also checks the integrity 
of the signature data SI G4., 3 ami ^y using the public key 30 
data KsAMi p stored In the public-key certificate data 
CERsami to verify the Integrity of the sender of 

the content file CF. 

[0424] In step 846-8, the signature processor 1 89 ver- 
ifies the integrity of the signature data SIG7 ^p and 35 
SIG42 SAM1 stored in the work memory 200 by using the 
public key data K^p and KsAMi.pSoasto verify the send- 
er of the key file KF. 

[0425] Further, In step S46-9, the signature processor 
1 89 Checks the integrity of the signature data SIGj^., £sc 
stored in the key file KF shown in Fig. 44B by using the 
public key data Kgsc.p ^^^^ ^''om the storage unit 192, 
thereby making it possible to verify the creator of the key 
file KF. 

[0426] Referring to Fig. 47, in step S46-1 0, the signa- ^5 
ture processor 1 89 checks the integrity of the hash value 
Hj^.j so as to verify the integrity of the creator and the 
sender of the key file KF.,. 

[0427] In this example, the creator and the sender of 
the key file KF-, are the same. However, if they are dif- so 
ferent, signature data for both the creator and the sender 
are created, and the signal processor 189 verifies the 
integrity of both the signature data. 
[0428] In step S46-1 1 , the usage monitor 1 86 controls 
the purchase and usage modes of the content data C 
by using the UCS data 166 stored in the key file KF^ 
decoded in step S46-10, 

[0429] in step S46-12, upon detemnining the pur- 



chase mode by operating the operation unit 1 65 by the 
user the CPU 1100 of the SAM 1062 receives the cor- 
responding internal interrupt S810. 
[0430] In step S46-13, the accounting processor 187 
updates the usage log data 1 08 stored in the external 
memory 201 under the control of the CPU 1100. The 
accounting processor 1 87 also updates the UCS data 
1 66 every time the purchase mode of the content data 
is determined. In this case, the UCS data 166 of the 
sender SAM is discarded. 

[0431] Then, in step S46-14, the encryption/decryp- 
tion (decoding) unit 173 of the SAM 1063 encrypts the 
UCS data 166 generated in step S46-1 2 by sequentially 
using the storage key data Kstr, the medium key data 
Kmedi ^"ci the purchase key data Kp,^| read from the 
storage unit 192. and outputs the encrypted UCS data 
166 to the medium drive SAM manager 855. 
[0432] In step S46-15, the medium drive SAM man- 
ager 855 executes processing, such as sectorizing, 
adding a sector header, scrambling, ECC encoding, 
modulating, and synchronizing, on the key file KF-, hav- 
ing the updated UCS data 166, and stores it in the se- 
cure RAM area 132 of the recording medium (RAM) 
I3O4. 

[0433] The medium key data K^^o already been 
stored in the storage unit 192 by mutual authentication 
between the mutual authentication unit 1 70 of the SAM 
lOSg shown in Fig. 45 and the medium SAM 133 of the 
recording medium I3O4 shown in Fig. 41 . 
[0434] The stoi-age key data KgyR js data determined 
by the type of machine (in this example, the AA/ machine 
I6O2), such as a SACD machine, a DVD machine, CD- 
R machine, or an MD machine, and is used for corre- 
sponding one type of machine to one type of recording 
medium. A SACD and a DVD have the same physical 
structure of a disk medium. Accordingly, data on a 
SACD can be recorded and played back by using a DVD 
machine, in which case, the storage key data Ksjr 
serves the function of preventing illegal copying. In this 
embodiment, encryption with the use of the storage key 
data KsTR "^ay not be performed. 
[0435] The medium key data K^^^^ is data unique to 
the recording medium (in this example, the recording 
medium (RAM) I3O4). 

[0436] The medium key data K^^go is stored in a stor- 
age medium (in this example, the storage medium 
(RAM) I3O4 shown in Fig. 41), and encryption and de- 
cryption is preferably performed by using the medium 
key data K^^d in the medium SAM of the recording me- 
dium in tenns of the security. In this case, if the recording 
medium is provided with a medium SAM, the medium 
key data Ki^^q is stored in the medium SAM, and if not, 
the medium key data K^ed stored within the RAM ar- 
ea. I.e., an area (not shown) outside the control of the 
host CPU 810. 

[0437] As in this embodiment, mutual authentication 
may be perfonmed between the SAM 1062 and the me- 
dium SAM (in this example, medium SAM 133), and 
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then, the medium key data Kj^j^o be transferred to 
the SAM 1052 via a secure communication path, and 
encryption and decryption may be performed in the SAM 
1052 by using the medium key data Kj^eq. 
[0438] In this embodiment, the storage key data Ksjr ^ 
and the medium key data K,^ed "^^y be used for pro- 
tecting the security of the physical layer of the recording 
medium. 

[0439] The purchaser key data Kp,N is data indicating 
the purchaser of the content file CF, and if the content io 
is purchased in the "sell through" mode, the purchaser 
key data Kpj^ is assigned to the user from the EiVlD serv- 
ice center 1 02. The purchaser key data Kpi^ is managed 
by the EMD service center 1 02. 

[0440] In step S46-1 6, the key file KF Is read from the '5 
work memory 200, and is written into the secure RAM 
area 132 of the recording medium (RAM) 13O4 by the 
medium drive SAM 260 shown In Fig. 41 via the medium 
drive SAM manager 855. 

[0441] In step S46-1 7, the CPU 1 1 00 of the SAM 1 052 
reports the result of the processing for the received se- 
cure container 1 04x to the host CPU 81 0 through an ex- 
ternal interrupt. 

[0442] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 25 
described processing has been correctly performed, 
and the host CPU 810 may read the flag by polling. 
[0443] In the above-described embodiment, the key 
files KF and KF^ are recorded on the secure RAM area 
132 of the recording medium (RAM) ISO^ via the medi- 30 
urn drive SAM 260. However, the key files KF and KF^ 
may be recorded on the medium SAM 1 33 from the SAM 
1052, indicated by the one-dot chain line in Fig. 41 . 
[0444] In the aforementioned embodiment, the se- 
cure container 104x is sent from the SAM 105^ to the 35 
SAM lOSg. However, the content file CF and the UCP 
data 106 may be sent from the network device 160^ to 
the A/V machine IO62 under the control of the host 
CPUs of the network device 1 06^ and the A/V machines 
1063. In this case, the UCS data 166 and the content 40 
key data Kc are sent from the SAM 105^ to the SAM 
1052- 

[0445] As a modification to the above-described em- 
bodiment, the purchase mode is detemiined in the SAM 
1 05i , and the SAM 1 0Sg uses the UCS data 1 66 without 45 
determining the purchase mode. In this case, the usage 
log data 108 is created only In the SAM 105^, but not in 
the SAM 1052- 

[0446] In purchasing the content data C, for example, 
an album consisting of a plurality of content data C may so 
be purchased. In this case, the plurality of content data 
C may be provided by different content providers 101 
(in the second embodiment, which is described below, 
the plurality of content data C may be provided by dif- 
ferent service providers 310). Alternatively, part of the 55 
content data C forming an album may be Initially pur- 
chased, and later, the remaining content data C may be 
gradually purchased. As a result, the whole album is 



purchased. 

[0447] Fig. 48 illustrates examples of various pur- 
chase modes of the content data C. 
[0448] The network device 160-, purchases the con- 
tent data C which has been received from the content 
provider 1 01 by using the UCP data 1 06, and generates 
UCS data 1 66a. 

[0449] Similarly, the A/V machine 1 6O2 purchases the 
content data C which has been received from the con- 
tent provider 101 to the network device 160., by using 
the UCP data 106, and generates UCS data 166b. 
[0450] The AA/ machine 1 6O3 copies the content data 
C purchased by the A/V machine 1 6O2, and determines 
the usage mode by using the UCS data 1 66b created in 
the AA/ machine I6O2. As a result, UCS data 166c Is 
generated in the A/V machine I6O3. The /W machine 
I6O3 also creates usage log data 108b from the UCS 
data 1 66c. 

[0451 ] The network device 1 6O4 receives the content 
data C which has been received from the content pro- 
vider 101 to the network device 160^ and determined 
the purchase mode in the network device 1 60., , and then 
detennlnes the purchase mode by using the UCS data 
1 66 created by the network device 160^. As a result, the 
UCS data 166a is generated in the A/V machine I6O4, 
and usage log data 108a is also created from the UCS 
data 166a. 

[0452] The UCS data 166a, 166b, and 166c are re- 
spectively encrypted in the AV machines I6O4, I6O2, 
and 1 6O3 by using the storage key data \<str unique to 
the machine and the medium key data K^ed unique to 
the recording medium, and are recorded on the corre- 
sponding recording media. 

[0453] In this embodiment, the user pays for licensing 
rights for the content data C rather than for property 
rights. The copying of the content data contributes to 
promotion of the content, and also satisfies the de- 
mands of the right holders of the content data in view of 
expediting the sale. 

Processing for determining the purchase mode of 
content data on a recording medium (ROM) 

[0454] As shown in Fig. 49, the recording medium 

(ROM) 130-1 shown in Fig. 11 which stores the content 
and for which the purchase mode Is still undetenmined 
is distributed offline to the A/V machine 1 6O2 via a user 
home network 103, and the A/V machine I6O2 deter- 
mines the purchase mode. This processing is discussed 
below with reference to Figs. 50 and 51 . 
[0455] Referring to Fig. 51, In step S51-0, according 
to the user's operation perfomned on the operation unit 
165. the CPU 1100 of the SAM 1052 shown in Fig. 50 
receives the internal interrupt S810 indicating an in- 
struction to detennine the purchase mode of the content 
distributed via a recording medium (ROM). 
[0456] In step S51 -1 , after performing mutual authen- 
tication between the mutual authentication unit 170 
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shown in Fig. 50 and the nnedium SAM 133 of the re- 
cording medium (ROM) 130^ shown in Fig. 11, the SAM 
1 052 receives the nnedium key data Ki^^p from the me- 
dium SAM 133. If the SAM 1052 already has the medium 
key data Kj^ed stored therein, it is not necessary to re- 5 
celve the medium key data K^^ed- 
[0457] Then, in step S51-2, the key file KF and the 
signature data SIG7 cp therefor, and the public-key cer- 
tificate data CERcp and the signature data SIG^ 
therefor, which are shown in Figs. 3B and 3C, stored in 10 
the secure container 104 recorded on the secure RAM 
area 1 32 of the recording medium (ROM) 1 30^ , are writ- 
ten into the work memory 200 via the medium drive SAM 
manager 855. 

[0458] In step S51-3, after verifying the integrity of the ?5 
signature data SIG^ gg^, the signature processor 189 
extracts the public key data K^pp from the public-key 
certificate data CERqp, and verifies the integrity of the 
signature data SIG7 ^p, i.e., the sender of the key file 
KF, by using the public key data K^pp. 20 
[0459] The signature processor 1 89 also verifies the 
integrity of the signature data SIGj^^ stored in the 
key file KF, i.e., the creator of the key file KF, by using 
the public key data K^scp ^^^^ ^^^^ storage unit 
192. . ' 25 

[0460] Subsequently, in step S51 -4, after verifying the 
Integrity of the signature data SIG7 cp and SIGk-,,esc '^1 
the signature processor 1 89, the key file KF is read from 
the work memory 200 and written into the encryption/ 
decryption (decoding) unit 172. 30 
[0461] Then, the encryption/decryption (decoding) 
unit 172 decrypts (decodes) the content key data Kc, 
the UCP data 1 06, and the SAM program download con- 
tainers SDC^ through SDC3 stored In the key file KF by 
using the license key data KD^ through KD3 of corre- 35 
spending periods, and writes them into the work mem- 
ory 200. 

[0462] In step 851 -5, after conducting mutual authen- 
tication between the mutual authentication unit 170 
shown in Fig. 50 and the AA/ compression/decompres- -^o 
sion SAM 163 shown in Fig. 49, the AA/ compression/ 
decompression SAM manager 184 of the SAM ISOg out- 
puts the content key data Kc stored in the work memory 
200, the partially disclosing parameter data 199 stored 
In the UCP data 1 06, and the content data C stored in ^5 
the content file OF read from the ROM area 131 of the 
recording medium (ROM) 1 30^ to the A/V compression/ 
decompression SAM 163 shown in Fig. 49. 
[0463] Then, the A/V compression/decompression 
SAM 163 decodes and decompresses the content data so 
C in the partially disclosing mode by using the content 
key data Kc, and outputs it to the playback module 270. 
The content data C is then played back In the playback 
module 270. 

[0464] Thereafter, in step S51-6; the purchase mode 55 
of the content is determined according to the user's op- 
eration of the operation unit 165 shown in Fig. 49, and 
the internal interrupt S810 indicating the determined 
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purchase mode is output to the CPU 1100 of the SAM 

1 052- 

[0465] In step S51-7, the accounting processor 187 
creates the UCS data 1 66 according to the operation 
signal SI 65 and writes it Into the work memory 200. 
[0466] In step S51 -8, the content key data Kc and the 
UCS data 1 66 are output from the work memory 200 to 
the encryption/decryption (decoding) unit 173. 
[0467] The encryption/decryption (decoding) unit 1 73 
then sequentially encrypts the content key data Kc and 
the UCS data 166 by using the storage key data Kstr. 
the medium key data K^^^q, and the purchaser key data 
Kpii^j read from the storage unit 192, and writes them 
into the work memory 200. 

[0468] In step S51 -9, the medium SAM manager 1 97 
creates the key file KF^ shown In Fig. 44C from the en- 
crypted content key data Kc, the UCS data 1 66, and the 
SAM program download containers SDC^ through 
SDC3 read from the work memory 200. 
[0469] In the signature processor 189, the hash value 
of the key file KF^ shown in Fig. 44C is created, and 
is output to the medium drive SAM manager 855. 
[0470] After conducting mutual authentication be- 
tween the mutual authentication unit 170 shown in Fig. 
50 and the medium SAM 133 shown in Fig. 49, the me- 
dium drive SAM manager 855 writes the key file KF^ and 
the hash value H^i to the secure RAM area 132 of the 
recording medium (ROM) 130^ via the medium drive 
SAM 260 shown in Fig. 49. As a result, the recording 
medium 130^, for which the purchase mode is deter- 
mined, is obtained. 

[0471] Simultaneously, the UCS data 166 and the us- 
age log data 108 created by the accounting processor 
187 are appropriately sent from the work memory 200 
and the external memory 201 , respectively, to the EMD 
service center 1 02. 

[0472] If the key file KF is stored In the medium SAM 
133 of the recording medium (ROM) 1301, the SAM 
1 052 receives the created key file KF^ from the medium 
SAM 133, as Indicated by the one-dot chain line in Fig. 
49. In this case, the SAM 1062 writes the created key 
file KF., into the medium SAM 133. 
[0473] In step S51 -10, the CPU 1 1 00 of the SAM 1 062 
determines whether the processing for determining the 
purchase mode of the content distributed via the above- 
described recording medium (ROM) has been con-ectly 
performed; and reports the result to the host CPU 810 
through an external interrupt. 

[0474] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described processing has been correctly performed, 
and the host CPU 810 may read the flag by polling. 

Processing for writing content data Into a recording 
medium (RAM) after the purchase mode of the content 
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data in a recording medium (ROM) has been 
determined 

[0475] As shown in Fig, 52, the secure container 1 04, 
for which the purchase mode is still undetermined, is 5 
read from the recording medium (ROM) 1 30^ , and a new 
secure container 104y is created in the AA/ machine 
I6O3 and is transferred to the A/V machine I6O2. The 
purchase mode of the secure container 104y is deter- 
mined in the A/V machine 1 eOg, and the secure contain- 10 
er 104y is written into the recording medium (RAM) 
13O5. The flow of this process is described below with 
reference to Figs. 53, 54, and 55. 
[0476] It should be noted that the transfer of the se- 
cure container 1 04y from the recording medium (ROM) is 
130^ to the recording medium (RAM) 13O5 may be per- 
formed among any of the network device 1 60^ and the 
A/V machines ISOg through I6O4 shown in Fig. 1. 
[0477] Referring to the flow chart of Fig. 55, in step 
S55-0, according to the user's operation perfomned on 20 
the operation unit 165, the CPU 1100 shown in Fig. 53 
receives the internal interrupt S810 indicating an in- 
struction to transfer the secure container 1 04, for which 
the purchase mode is still undetermined, read from the 
recording medium (ROM) 130^ to the SAM 1052- 25 
[0478] In step S55-1 , the SAM 1 053 checks the SAM 
registration list so as to determine whether the SAM 
1 062 , which is to receive the secure container, is official- 
ly registered. If so, the SAM 1063 performs processing 
of step S55-2. The SAM 1 053 also checks whether the 30 
. SAM 1 052 ^ SAM within the home network. 
[0479] Then, in step S55-2, mutual authentication is 
perfomried between the SAM IO53 and the SAM 1052 
so as to share the session key data Kqes- 
[0480] In step S55-3, mutual authentication is con- 35 
ducted between the SAM 1 053 of the AA/ machine 1 6O3 
and the medium SAM 133^ of the recording medium 
(ROM) 130^ , and the medium key data Kj^edi 
cording medium 130^ is transferred to the SAM 1063. 
[0481 ] If encryption using the medium key data K^^^di 
is perfomned in the medium SAM 133^ of the recording 
medium (ROM) 130.,, the medium key data K^^edi 's 
transferred to the SAM 1063. 

[0482] Then, In step S55-4, mutual authentication is 
perfomned between the SAM 1052 AA/ machine ^5 

I6O2 and the medium SAM I335 of the recording medi- 
um (RAM) 1 3O5, and the medium key data K,^ed2 of the 
recording medium 1 3O5 is transferred to the SAM 1 052- 
[0483] If encryption using the medium key data K^^ed2 
is performed in the medium SAM I335 of the recording so 
medium (RAM) 1 3O5, the medium key data K^Eoa 's not 
transferred to the SAM 1 062. 

[0484] In step S55-5. as shown in Fig. 53, the SAM 
1053 reads the content file OF and the signature data 
SIGg.cp from the ROM area 131 of the recording medl- S5 
um (ROM) 130^ via the medium drive SAM manager 
855, and outputs them to the SAM manager 190 and 
also controls the signature processor 189 to create the 



signature data SIG350 sam3 t>y using the private key data 

KsAM3,S- 

[0485] In step S55-6, as shown in Fig. 53, the SAM 
1053 reads the key file KF and the signature data 
SIG7 CP from the secure RAM area 1 32 of the recording 
medium (ROM) 130^ via the medium drive SAM man- 
ager 855, and outputs them to the SAM manager 190 
and also controls the signature processor 189 to create 
the signature data SIG352 sams using the private key 
data KsAM3,s- 

[0486] Then, in step S55-7, in the SAM IO53, the pub- 
lic-key certificate data CERs^p^3 and the signature data 
SiG35i,ESC are read from the storage unit 192 to the 
SAM manager 190. 

[0487] In step S55-8, the secure container 104y 
shown in Figs. 54A through 540 is created in, for exam- 
ple, the SAM manager 1 90 of the SAM 1 0Sg. 
[0488] In step S55-9, the encryption/decryption (de- 
coding) unit 171 of the SAM IO53 encrypts the secure 
container 104y by using the session key data Kses ob- 
tained In step S55-2. 

[0489] Thereafter, In step S55-10, the secure contain- 
er 1 04y is sent from the SAM manager 1 90 of the SAM 
1 053 to the A/V machine 1 SOg. 

[0490] Then, the CPU 1100 of the SAM IO53 deter- 
mines whether the above-described processing has 
been properly performed, and reports the result to the 
host CPU 810 through an external interrupt. 
[0491] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described processing has been properly executed, and 
the host CPU 81 0 may read the flag by polling. 
[0492] In the SAM 1052, under the control of the CPU 
1100 according to the internal interrupt S810 from the 
host CPU 81 0, as shown in Fig. 57, the secure container 
104y shown in Figs. 54A through 54D input from the 
SAM 1 053 via the SAM manager 1 90 is decoded in the 
encryption/decryption (decoding) unit 171 by using the 
session key data K3ES 

[0493] Then, in step S55-11 , the key file KF and the 
signature data SIG7 Qp and SIG35o,sam3. public-key 
certificate data CERsams the signature data 

SIG351 ESC* the public-key certificate data CERcp 
and the signature data SIG^ esc within the secure con- 
tainer 104y are written into the work memory 200. 
[0494] In step S55-1 2, the signature processor 1 89 of 
the SAM 1 052 verifies the signature data SIGg cp and 
SIG35o,SAM3 stored in the secure container 104y, i.e., the 
Integrity of the creator and the sender of the content file 

CF; 

[0495] Then, in step S55-13, the content file CF is writ- 
ten into the RAM area 134 of the recording medium 
(RAM) I3O5 via the medium drive SAM manager 855. 
The content file CF may be directly written into the RAM 
area 134 of the recording medium (RAM) I3O5 without 
the SAM 1 052 under the control of the host CPU 81 0. 
[0496] Subsequently, in step S55-14, the signature 
processor 1 89 checks the signature of the signature da- 
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ta SIG351 ECS so as to verify the Integrity of the public- 
key certificate data CERsams. ^^^^ verifies the in- 
tegrity of the signature data SIG7 cp, SIG352,sam3- s*^^ 
^'^Ki.ESC' integrity of the creator and the send- 

er of the key file KF, by using the public key data Ksam3 
and the public key data K^scp stored in the public-key 
certificate data CERsam3- 

[0497] Thereafter, in step S55-15, the key file KF is 
read from the work memory 200 into the encryption/de- 
cryption (decoding) unit 172, and is decoded with the 
license key data KD^ through KD3 and is again written 
into the work memory 200. 

[0498] In step S55-16, the UCP data 106 of the de- 
coded key file KF stored in the work memory 200 is out- 
put to the usage monitor 1 86. Then, the purchase mode 
and the usage mode are managed (monitored) in the 
usage monitor 1 86 based on the UCP data 1 06. 
[0499] In step S55-1 7, by the user's operation on the 
operation unit 165 shown in Fig. 62, the purchase and 
usage modes of the content are detemained, and the 
corresponding internal interrupt S810 is output to the 
CPU 1100 of the SAM lOSg. 

[0500] In step S55-1 8, the UCS data 1 66 and the us- 
age log data 108 are created in the accounting proces- 
sor 1 87 based on the determined purchase and usage 
modes, and are written into the work memory 200 and 
the external memory 201 , respectively. The UCS data 
166 and the usage log data 108 are appropriately sent 
to the EMD service center 102. 

[0501] Then, in step S55-19, the content key Kc and 
the UCS data 1 66 are read from the work memory 200 
into the encryption/decryption (decoding) unit 173, and 
are sequentially encrypted by using the storage key data 
Kgyp, the medium key data K|^ed2' purchaser 
key data Kp,f^ read from the storage unit 192. The en- 
crypted data are then output to the medium SAM man- 
ager 197. The key file KF is also output from the work 
memory 200 to the medium SAM manager 1 97. 
[0502] In step S55-20, the key file KF^ shown in Fig. 
44C is generated in the medium SAM manager 1 97, and 
is written into the medium SAM ISSg of the recording 
medium (RAM) 1 3O5 via the medium SAM manager 1 97. 
The key file KF is also written into the medium SAM 1 385 
of the recording medium (RAM) 13O5 via the medium 
SAM manager 197. 

[0503] In step S55-21 , the CPU 1 1 00 of the SAM 1 0Sg 
determines whether the above-described processing 
has been precisely performed, and reports the result to 
the host CPU 81 0 through an external Interrupt. 
[0504] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the afore- 
mentioned processing has been accurately perfomied, 
and the host CPU 810 may read the flag by polling. 
[0505] The implementation method of the SAMs 1 05., 
through 105^ is as follows. 

[0506] In implementing the functions of the SAMs 
1 05 1 through 1 064 as hardware, an application specified 
IC (ASIC)-type CPU having a built-in memory is used, 



and a security function module, a program module for 
performing content rights processing, and highly secret 
data, such as key data, are stored in the memory to im- 
plement the functions shown in Fig. 30. A series of rights 
5 processing program modules, such as an encryption li- 
brary module (public key encryption, common key en- 
cryption, a random-number generator, hash functions), 
a program module for restricting the use of the contents, 
an accounting program module, etc. are implemented 
10 as, for example, software. 

[0507] For example, a module, such as the encryp- 
tion/decryption (decoding) unit 171, Is implemented as 
an IP core within an ASIC-type CPU as hardware in view 
of the processing rate. In terms of the performance, such 
IS as the clock rate or the CPU code system, the encryp- 
tion/decryption (decoding) unit 171 may be implement- 
ed as software. 

[0508] As the storage unit 1 92 and a memory for stor- 
ing program modules and data for implementing the 
functions shown in Fig. 30, a non-volatile memory (flash 
ROM) may be used, and a fast memory, such as an 
SRAM , may be used as the work memory. Or, a FeRAM 
may be employed as a memory integrated in the SAMs 
105^ through 1064. 

[0509] The SAMs 105^ through 1064 also have a built- 
in timing function for checking the time and date required 
to verify the effective period and contracting period for 
the usage of the content. 

[0510] As stated above, the SAMs 1 05^ through 1 064 

have a high tamper-resistance structure in which the 
program modules, the data, and the processing con- 
tents are shielded from an external source. Each SAM 
sets an address space which is invisible from the corre- 
sponding host CPU by using a memory management 
unit (MMU) for managing the memory address of the 
host CPU. With this arrangement, highly private pro- 
grams and the contents of data stored in the memory of 
the iC of each SAM, a group of registers relating to the 
system configuration of the SAM, an encryption library, 
and a group of registers of clocks can be protected from 
being read or written via a host CPU bus. That is, the 
above-described data and programs of each SAM are 
protected from being in the address space assigned by 
the host CPU. 

[0511] The SAMs 105^ through 1064 are also resist- 
ant to physical attacks from an external source, such as 
X rays and heat. Additionally, even if real time debug- 
ging (reverse engineering) is performed by using a de- 
bugging tool (hardware in-circuit emulator (ICE) or soft- 
ware ICE), the processing content is invisible, or the de- 
bugging tool itself becomes unusable after manufactur- 
ing the IC. 

[0512] In terms of the hardware structure, the SAMs 
105^ through 1064 are regular ASIC-type CPUs having 
a built-in memory, and the functions of the SAMs 105-) 
through 1064 are dependent on the software which op- 
erates the CPU. However, the SAMs 105^ through IO54 
are different from regular ASIC-type CPUs in that they 
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have a hardware structure provided with an encryption 
function and tamper resistance. 

[0513] On the other hand, there are two approaches 
to implement all the functions of the SAMs 1 05^ through 
1 064 as software. One approach is to perfonn software s 
processing within a totally shielded module having high 
tamper resistance. The other approach is to perform 
software processing in a host CPU installed in an ordi- 
nary machine, but in which the software processing Is 
very difficult to decode. In the first approach, the encryp- 10 
tion library module is stored in the memory as a regular 
software module rather than an Intellectual property (IP) 
core, namely, it can be considered to be implemented 
as hardware. On the other hand, according to the sec- 
ond approach, tamper-resistant software is used, and ^5 
even if the execution content is decoded by an ICE (de- 
bugger), the execution order of the tasks may be mean- 
ingless (in this case, the tasks are partitioned so that the 
single task is meaningful as a program so as not to in- 
fluence the preceding and following tasks), or the tasks 20 
themselves may be encrypted. That is, the functions are 
implemented as a task scheduler (MiniOS) for enhanc- 
ing the security. The task scheduler provided is embed- 
ded in a target program. 

[0514] Details of the AA/ compression/decompres- 25 
slon SAM 163 shown in Fig. 22 are given below. 
[0515] The AA/ compression/decompression SAM 
163 includes, as shown in Fig. 22, the mutual authenti- 
cation unit 220, the decoders 221 and 222, the decom- 
pression unit 223, the digital -watermark information 30 
processor 224, and a partially disclosing processor 225. 
[0516] The mutual authentication unit 220 perfomns 
mutual authentication with the mutual authentication 
unit 170 of the SAM 105^ shown in Fig. 30 when the A/ 
V compression/decompression SAM 1 63 receives data 35 
from the SAM 1 05^ , and generates the session key data 
KsES- 

[0517] The decoder 221 decodes the content key data 
Kc, the partially disclosing parameter 1 99, the user dig- 
ital watermark information data 1 96, and the content da- 
ta C received from the SAM 105^ by using the session 
key data KgEs- The decoder 221 then outputs the de- 
coded content key data Kc and the content data C to the 
decoder 222, and outputs the decoded user digital wa- 
termark infonnation data 1 96 to the digital-watermark In- ^5 
formation processor 224, and also outputs the partially 
disclosing parameter 1 99 to the partially disclosing proc- 
essor 225. 

[0518] The decoder 222 decodes the content data C 
in the partially disclosing state by using the content key so 
data Kc under the control of the partially disclosing proc- 
essor 225, and outputs the decoded content data C to 
the decompression unit 223. The decoder 222 also de- 
codes the whole content data C with the content key da- 
ta Kc in the normal operating mode, i.e., the mode other ss 
than the partially disclosing mode. 
[0519] The decompression unit 223 decompresses 
the decoded content data C and outputs it to the digital- 



watennark information processor 224. The decompres- 
sion unit 223 decompresses the content data C by us- 
ing, for example, the AA/ decompression software 
stored in the content file CP shown in Fig. 3A, according 
to, for example, the ATRAC3 method. 
[0520] The digital-watermark information processor 
224 embeds the user digital watermark information ac- 
cording to the decoded user digital watermark informa- 
tion data 196 into the decoded content data C so as to 
create new content data C. The digltal-watemnark infor- 
mation processor 224 then outputs the newly created 
content data C to the playback module 1 69. 
[0521] In this manner, the user digital watermark in- 
formation Is embedded Into the content data C by the A/ 
V compression/decompression SAM 163 when repro- 
ducing the content data C. 

[0522] In the present invention. It may be determined 
that the user digital watennark information data 1 96 is 
not embedded into the content data C. 
[0523] The partially disclosing processor 225 informs 
the decoder 222, based on the partially disclosing pa- 
rameter 1 99, which blocks are to be decoded and which 
blocks are not to be decoded. The partially disclosing 
processor 225 may control the partially disclosing mode 
by, for example, restricting the playback functions for 
demonstration or limiting the period for listening to the 
content for demonstration. 

[0524] The playback module 169 perfomns the play- 
back operation according to the decoded and decom- 
pressed content data C. 

[0525] Processing for registering the SAMs 105-| 
through 1 064 in the EMD service center 1 02 when they 
are shipped is as follows. The same registration 
processing is performed in the SAMs 1 0S., through 1 064, 
and thus, only the registration of the SAM 105., is dis- 
cussed below. 

[0526] When shipping the SAM lOS^, the following 
key data is registered in the storage unit 1 92 shown in 
Fig. 30 via a SAM manager 149 by a key server 141 of 
the EMD service center 102. 

[0527] When the SAM 105^ is shipped, for example, 
a program used for the initial access by the SAM 1 05^ 
to the EMD service center 102 is also stored in the stor- 
age unit 1 92. 

[0528] More specifically, the SAM 105., stores in initial 
registration, for example, the identifier SAMJD of the 
SAM lOS^, the storage key data Kq^r, the public key 
data Kp.Q;^ of the root certifying authority 92, the public 
key data K^scp of the EMD service center 1 02, the pri- 
vate key data Ksamt.s ^^e SAM 1051 , the public-key 
certificate data CERs^mi and the signature data there- 
for SIG22,ESC' and the source key data for creating the 
authentication key data between the A/V compression/ 
decompression SAM 163 and the medium SAM, all of 
which have the symbol aUached on the left side of 
the data, as shown in Fig. 34. 

[0529] The public-key certificate data CERsami f^iay 
be sent from the EMD service center 102 to the SAM 
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105i when the SAM 105^ is registered after being 
shipped. 

[0530] In shipping the SAM 1 05^ , the file reader des- 
ignating the reading format of the content file CF and 
the key file KF respectively shown in Figs. 3A and SB is 5 
written into the storage unit 192 by the EMD service 
center 1 02. Then, in the SAM 1 05^ , the file readerstored 
in the storage unit 192 is used when reading the data 
stored in the content file CF and the key file KF. 
[0531 ] The public key data Kp.^A the root certifying io 
authority 92 uses the River-Shamlr-Adleman (RSA) al- 
gorithm, which is often used in electronic commerce on 
the Intemet, and the data length is, for example, 1024 
bits. The public key data Kp.^A issued by the root cer- 
tifying authority 92 illustrated in Fig. 1 . is 
[0532] The public key data K^qq p of the EMD service 
center 102 is generated by the elliptic curve cryptosys- 
tern, whose encryption strength is comparable to or 
higher than the RSA, and the data length is only, for ex- 
ample, 160 bits. However, considering the encryption 20 
strength, the public key data K^scP desirably has 192 
bits or greater. The EMD service center 102 registers 
the public key data K^qq p in the root certifying authority 
92. 

[0533] The root certifying authority 92 creates the 25 
public-key certificate data CEResc the public key data 
^Esc.p- public-key certificate data CERgsc storing 
the public key data Kgsc.p stored In the storage unit 
192 preferably when shipping the SAM 105^. In this 
case, the public-key certificate data CER^sc signed 30 
with the private key data Kpoors the root certifying 
authority 92. 

[0534] The EMD service center 1 02 generates a ran- 
dom number so as to create the private key data Kqami .s 
of the SAM 105., and also creates the public key data 35 
^SAM1 ,p to form a pair with the private key data Ksami ,s- 
[0535] The EMD service center 102 also acquires a 
certificate from the root certifying authority 92 so as to 
issue the public-key certificate data CERsami of the 
public key data Ksami.P' ^nd attaches signature data 40 
with the private key data K^g^.s of the EMD service 
center 102. That is, the EMD service center 102 serves 
as a second certifying authority. 

[0536] The unique identifier SAMJD is assigned to 
the SAM 105i from the EMD service center 102 under 45 
the control of the EMD service center 102. The unique 
identifier SAMJD is stored in the storage unit 192 and 
is also managed by the EMD service center 1 02. 
[0537] After being shipped, the SAM 1 05^ is connect- 
ed to the EMD sen/ice center 1 02 by, for example, a us- so 
er, and is registered. Then, the license key data KD^ 
through KD3 are transferred from the EMD service cent- 
er 1 02 to the storage unit 1 92. 

[0538] That is, the user of the SAM 105^ is required 
to register in the EMD service center 1 02 before down- ss 
loading the content. This registration is perfomied of- 
fline, such as by mail, with a registration sheet attached 
to the machine (in this example, the network device 



160^) on which the SAM 105^ Is loaded by filling in in- 
formation for specifying the user (user name, address, 
contact telephone number, gender, settlement account, 
login name, password, etc.). Until the above-described 
registration has been conducted, the user is unable to 
use the SAM 105^. 

[0539] The EMD service center 102 issues an identi- 
fier USER_ID unique to the user according to the user's 
registration, and manages the relationship between the 
SAMJD and the USERJD, which is used for settling 
the account. 

[0540] The EMD service center 102 also assigns an 
information reference identifier ID and a password, 
which is for initial use of the user of the SAM 105^, and 
reports them to the user The user makes a query to the 
EMD service center 102 about, for example, the current 
usage situation of the content data (usage log) by using 
the information reference identifier ID and the password. 
[0541] The EMD service center 102 makes a query 
to, for example, acredit card companytocheckthe iden- 
tity of the user, or to the user offline about the identity of 
himself/herself in the user registration. 
[0542] A description is now given of the process for 
storing the SAM registration list in the storage unit 192 
within the SAM 105^, as shown in Fig. 34. 
[0543] The SAM 105^ shown in Fig. 1 obtains the 
SAM registration list of the SAMs 1062 through 1064, 
which are in the same system as the SAM 1 05-,, by uti- 
lizing a topology map created when a machine connect- 
ed to the bus 191 , for example, an IEEE-1 394 serial bus, 
is powered on, or when a new machine is connected to 
the bus 191. 

[0544] The topology map is created according to the 
bus 191, not only for the SAMs 105^ through 1064, but 
also for SCMS processing circuits 1065 and lOSg of A/ 
V machines 1 6O5 and 1 SOq which are also connected to 
the bus 191, as illustrated in Fig. 58. Accordingly, the 
SAM 105^ creates the SAM registration list shown In Fig. 
59 by extracting the infomiation about the SAMs 105i 
through 1064 from the topology map. 
[0545] The SAM 105^ then registers the SAM regis- 
tration list shown in Fig. 59 in the EMD service center 
1 02 so as to obtain the signature. 
[0546] The aforementioned processing is automati- 
cally executed by the SAM 1 05^ by utilizing the session 
of the bus 1 91 , and the SAM 1 05^ issues the registration 
command of the SAM registration list to the EMD service 
center 102. 

[0547] Upon receiving the SAM registration list shown 
in Fig. 59 from the SAM 105^, the EMD service center 
1 02 checks the effective period, and also checks for the 
settlement function designated by the SAM 105^ during 
registration. The EMD service center 102 refers to the 
prestored revocation list (certificate revocation list 
(CRL)) shown In Fig. 60 and sets the revocation flag 
within the SAM registration list. The revocation list is a 
list of the SAMs which are prohibited from being used 
(have become Invalid) due to illegal use. In perfonning 
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communication between the SAMs, each SAM checks 
the revocation list for whether the corresponding SAM 
has become invalid, in which case, the communication 
therebetween is discontinued. 

[0548] I n settling the accou nt, the EM D service center 
102 checl<s the SAM registration list of the SAM 105^ 
forwhetherthe SAMs described in the list are contained 
in the revocation list. The EMD service center 1 02 also 
attaches the signature to the SAM registration list. 
[0549] As a result, the SAM registration list shown in 
Fig. 61 Is created. 

[0550] The SAM revocation list is formed for SAMs in 
the same system (i.e., SAMs connected to the bus 191), 
and indicates whether each SAM is Invalid according to 
a revocation flag for the corresponding SAM. 
[0551] The revocation list CRL is preferably updated 
automatically within the SAM according to, for example, 
updating data sent from the EMD service center 1 02 to 
the SAM. The security functions of the SAM are as fol- 
lows. 

[0552] As the security functions, the SAM possesses 
IP components of the encryption library, such as DES 
of the common key cryptosystem (Triple DES/advanced 
encryption standard (AES)). the elliptic curve cryptosys- 
tem of the public key cryptosystem (signature creation/ 
checking EC-DSA, common key creation EC-D. H., and 
public key cryptosystem EC-Elgamal), compression 
function (hash function) SHA-1 , and a random-number 
generator (intrinsic random number). 
[0553] The public key cryptosystem (elliptic curve 
cryptosystem) is employed for mutual authentication, 
signature creation, signature checking, and common 
key (session key) creation (delivering). The common 
key cryptosystem (DES) is employed for encrypting and 
decoding the content, and compression functions (hash 
functions) are employed for message authentication in 
signature creation and checking. 
[0554] Fig. 62 illustrates the security functions of the 
SAM. There are two types of security functions man- 
aged by the SAM: (1) a security function In the applica- 
tion layer for encrypting and decoding the content, and 
(2) a security function in the physical layer for securing 
a communication path by performing mutual authentica- 
tion with another SAM. 

[0555] In the EMD system 1 00, the content data C to 
be distributed is wholly encrypted, and a key is pur- 
chased upon settling the account. Since the UCP data 
106 is sent together with the content data C according 
to the In-band system, it is managed in a layer independ- 
ent of the type of network medium. It is thus possible to 
provide a common rights processing system independ- 
ent of the type of communication path, such as a satel- 
lite, terrestrial waves, cable, radio, or a recording medi- 
um. For example, when the UCP data 106 is Inserted 
into the header of the protocol of the physical layer of a 
network, even for the same type of UCP data 106, It Is 
necessary for each network to detennine where the 
header the UCP data 1 06 is inserted. 



[0556] In this embodiment, the content data C and the 
key file KF are encrypted for protection by the applica- 
tion layer. Mutual authentication may be performed In 
the physical layer, the transport layer, or the application 

5 layer. Integrating the encryption function into the phys- 
ical layer means integrating the encryption function into 
hardware. Mutual authentication is desirably performed 
in the physical layer since the main object of perfonning 
mutual authentication is to ensure a communication 

10 ' path between the sender and the receiver. In actuality, 
however, mutual authentication is often implemented In 
the transport layer while being independent of the trans- 
mission channel. 

[0557] The security functions of the SAM include mu- 

is tual authentication for verifying the integrity of another 
SAM to communicate with, and encryption and decryp- 
tion (decoding) of content data which involves account- 
ing processing In the application layer. 
[0558] Generally, mutual authentication between 

20 SAMs for performing communication between ma- 
chines is implemented in the application layer. However, 
it may be implemented in another layer, such as the 
transport layer or the physical layer 
[0559] Mutual authentication to be implemented in the 

25 physical layer utilizes 5C1394CP (content protection). 
According to 1394CP, M6, which is the common key 
cryptosystem, is implemented in the Isochronous chan- 
nel of a 1394LINKIC (hardware). Mutual authentication 
(elliptic curve cryptosystem or common key cryptosys- 

30 tem using hash functions) is then performed with an 
asynchronous channel, and the resulting session key is 
transferred to MS of the isochronous channel. As a re- 
sult, the common key cryptosystem is implemented by 
M6. 

35 [0560] If mutual authentication between SAMs is im- 
plemented in hardware of the physical layer the session 
key obtained by performing mutual authentication using 
the public key cryptosystem (elliptic curve cryptosys- 
tem) is transferred to M6 of 1394LINKIC via the host 

40 CPU, thereby encrypting the content data C by using 
the above-described session key together with the ses- 
sion key obtained by 1394CP. 

[0561] If mutual authentication between SAMs is per- 
formed in the application layer, the content data C is en- 

45 crypted by utilizing the common key cryptosystem li- 
brary (DES/Triple DES/AES) within the SAM. 
[0562] In this embodiment, for example, nriutual au- 
thentication between the SAMs is implemented in the 
application layer, and mutual authentication by 1394CP 

50 is implemented in the physical layer (hardware), such 
as 1394LINKIC. 

[0563] In this case, encryption and decryption (decod- 
ing) of the content data C which involves accounting 
processing Is performed in the application layer. How- 
55 ever, the application layer Is easy to access by the user 
and may be analyzed unlimitedly. Accordingly. In this 
embodiment, accounting-related processing is execut- 
ed within high tamper-resistant hardware in which the 
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processing content is fully protected from being moni- 
tored from an external source. This is the major reason 
for implementing the SAM as high tamper- resistant 
hardware. 

[0564] If accounting processing is executed within the 5 
host CPU, tamper-resistant software is implemented In 
the CPU. 

[0565] A description is now given, with reference to 
Fig. 63, of an example of implementation of various 
SAMs within, for example, the network device 160., of io 
the user home network 103 shown in Fig. 1 . 
[0566] The network device 160., includes, as shown 
in Fig. 63, the host CPU 81 0^ , the SAM 1 051 . the down- 
load memory 1 67, the medium drive SAM 260, a drive 
CPU 1003, and a shock proof (anti-vibration) memory, is 
such as a dynamic RAM (DRAM) 1004. 
[0567] Part of the download memory 1 67 and part of 
the shock proof memory 1 004 are used as a common 
memory, which can be accessed from both the SAM 
105i and the host CPU 81 O^. 20 
[0568] The shock proof memory 1 004 stores the con- 
tent data C received via a data bus 1002, and then out- 
puts it to the A/y compression/decompression SAM 
163. This makes it possible to sequentially output the 
content data C to the A/V compression/decompression 25 
SAM 163 even if the reading operation of the content 
data C from the recording medium 130 is interrupted due 
to, for example, vibrations. It is thus possible to effec- 
tively prevent the interruption of the playback operation 
of the content data C. 30 
[0569] The download memory 1 67 Is connected to the 
host CPU bus 1000 via a module 1005 which consists 
of a memory controller and a bus arbiter/bridge. 
[0570] Fig. 64 illustrates the detailed configuration of 
the module 1 005 and the peripheral circuits. The module 35 
1005 includes, as' shown in Fig. 64, a controller 1500 
and a bus arbiter/bridge 1501 . 

[0571] The controller 1500 serves as a DRAM Inter- 
face (l/F) when a DRAM is used as the download mem- 
or y 167 , and has a r ead/w rite (r/w) line, an address bus, 4o 
a CAS line, and a RAS line to communicate with the 
download memory 167. 

[0572] The bus arbiter/bridge 1501 conducts arbitra- 
tion of the host CPU bus 1000, and has a data bus to 
communicate with the download memory 1 67, and also 
has a r/w line, an address bus, a ready line, and has a 
chip select (CS) line, a r/w line, an address bus, a data 
bus, and a ready line to communicate with the SAM 
105-,, The bus arbiter/bridge 1501 is connected to the 
host CPU bus 1000. so 
[0573] The bus arbiter/bridge 1501, the host CPU 
81 01 , and the SAM 1 05., are connected to the host CPU 
bus 1000, The host CPU bus 1000 has a CS line, a r/w 
line, an address bus, a data bus, and a ready line. 
[0574] The download memory 167 and the shock 55 
proof memory 1 004 store the above-described content 
file CF and the key file KF. The storage area of the shock 
proof memory 1 004 other than the storage area used as 



the common memory is employed for temporarily stor- 
ing the content data C received from the medium drive 
SAM 260 via the data bus 1 002 until the content data C 
is output to the A/V compression/decompression SAM 
163. 

[0575] The A/V compression/decompression SAM 

1 63 transfers data to the download memory 1 67 via the 
host CPU bus 1000, and also transfers data to the me- 
dium drive SAM 260 via the data bus 1 002. 
[0576] Not only the download memory 167, but also 
the SAM 105^, the A/V compression/decompression 
SAM 163, and a DMA 1010, are connected to the host 
CU bus 1000. 

[0577] The DMA 1010 centrally controls access to the 
download memory 167 via the host CPU bus 1000 ac- 
cording to a command from the host CPU 81 0^. 
[0578] The host CPU bus 1000 is also employed for 
communication with the other SAMs, i.e., the SAMs 
1062 through IO54, within the user home network 103 
by using a 1394-serial interface link layer 
[0579] The drive CPU 1003, the medium drive SAM 
260, an RF amplifier 1006, a medium SAM interface 
1007, and a DMA 1011 are connected to a drive CPU 
bus 1001. 

[0580] The drive CPU 1 003 centrally controls access 
to the disk-type recording medium 130 according to a 
command from the host CPU 81 0., . In this case, the host 
CPU 81 0^ serves as a master, while the drive CPU 1 003 
serves as a slave. The drive CPU 1003 is handled as 
an I/O as viewed from the host CPU 81 0., . 
[0581 ] The drive CPU 1 003 encodes and decodes da- 
ta in accessing to the recording medium (RAM) 130. 
[0582] When the recording medium (RAM) 1 30 is set 
in a drive, the drive CPU 1003 determines whether the 
recording medium 130 is suitable for the SAM 105., 
(EMD system 100) (i.e., whether rights processing can 
be safely performed on the recording medium 130 by 
the SAM 105.,). If so. the drive CPU 1003 reports the 
con-esponding infomnation to the host CPU 81 0^ and al- 
so instructs the medium drive SAM 260 to perform mu- 
tual authentication with the medium SAM 133. 
[0583] The medium SAM interface 1 007 serves as an 
interface for access to the medium SAM 133 of the re- 
cording medium 1 30 via the drive CPU bus 1 001 . 
[0584] The DMA 1011 centrally controls access to the 
shock proof memory 1004 via the drive CPU bus 1001 
and the data bus 1 002 according to a command from 
the drive CPU 1 003. The DMA 1 01 1 controls, for exam- 
ple, data transfer between the medium drive SAM 260 
and the shock proof memory 1004 via the data bus 
1002. 

[0585] According to the configuration shown in Fig. 
63, for example, in performing communication, such as 
mutual authentication between the SAM 1051 and the 
medium SAM 133 of the recording medium 130, data 
transfer is conducted therebetween via the host CPU 
bus 1 000, the host CPU 81 0^, a register within the drive 
CPU 1003, the drive CPU bus 1001, and the medium 
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SAM interface 1007 based on the control of the host 
CPU8IO1, 

[0586] In accessing the recording mediunn 130, mu- 
tual authentication is conducted between the nnedium 
drive SAM 260 and the medium SAM 133. s 
[0587] In compressing or decompressing data In the 
AA/ compression/decompression SAM 163 in order to 
access the download memory 167 or the shock proof 
memory 1004, as discussed above, mutual authentica- 
tion is performed between the SAM 105^ and the AA/ 10 
compression/decompression SAM 163. 
[0588] In this embodiment, in Fig. 63, the SAM 105^ 
and the A/V compression/decompression SAM 163 are 
handled as devices connected to the I/O interface, as 
viewed from the host CPU 81 O^, Communication and is 
data transfer of the SAM 1051 and the A/V compression/ 
decompression SAM 1 63 with the host CPU 81 0., is per- 
formed under the control of a memory I/O and address 
decoder 1020. In this case, the host CPU 81 0^ serves 
. as a master, while the SAM 1 05^ and the AA/ compres- 20 
sion/decompresslon SAM 163 serve as slaves. The 
SAM 1051 and the A/V compression/decompression 
SAM 163 execute processing instructed by the host 
CPU 81 0^, and reports the results to the host CPU 81 0^ 
if necessary. 25 
[0589] The medium SAM 133 and the medium drive 
SAM 260 are handled as devices connected to the I/O 
interface, as viewed from the drive CPU 1003. Commu- 
nication and data transfer of the medium SAM 133 and 
the medium drive SAM 260 with the drive CPU 1003 is 30 
performed under the control of a memory I/O and ad- 
dress decoder 1021 . In this case, the drive CPU 1 003 
serves as a master, while the medium SAM 1 33 and the 
medium drive SAM 260 serve as slaves. The medium 
SAM 133 and the medium drive SAM 260 execute 35 
processing instructed by the drive CPU 1003 and re- 
ports the results to the drive CPU 1003 if necessary. 
[0590] Access control to the content file CF and the 
key file KF stored In the download memory 1 67 and the 
shock proof memory 1004 may be centrally perfomned 40 
by the SAM 105^. Alternatively, access control to the 
content file CF may be performed by the host CPU 81 0^ , 
and access control to the key file KF may be performed 
bytheSAM 105i. 

[0591] The content data C read from the recording 45 
medium 130 by the drive CPU 1003 is stored in the 
shock proof memory 1 004 via the RF amplifier 1 006 and 
the medium drive SAM 260, and is then decompressed 
In the A/V compression/decompression SAM 163. The 
decompressed content data is converted into analog da- so 
ta in a digital^o-analog (D/A) converter, and sound 
based on the converted analog signal is output from a 
speaker. 

[0592] Inthiscase, the shock proof memory 1004 may 
temporarily store the content data C consisting of a plu- ss 
rality of tracks, which are non-contlnuously read from 
storage areas discretely located In the recording medi- 
um 130, and then continuously output the content data 



C to the A/V compression/decompression SAM 163. 
[0593] The master-slave relationships of the various 
SAMs within the user home network 103 shown in Fig. 
63 are described below. 

[0594] For example, when the content data C, for 
which the purchase mode is determined, is recorded on 
the recording medium 1 30, as shown in Fig. 65, the host 
CPU 81 01 outputs an internal interrupt to instruct the 
SAM 105^, which serves as an I/O device, to determine 
the purchase mode of the content data C, and also to 
perfonn mutual authentication with the medium SAM 
133 of the recording medium 130, thereby recording 
content data C on the recording medium 130. 
[0595] In this case, the host CPU 81 0^ serves as a 
master, while the SAM 105-, and the recording medium 
1 30 serve as slaves. The recording medium 1 30 is han- 
dled as an I/O device as viewed from the host CPU 810^. 
[0596] In response to the intemal interrupt from the 
host CPU 81 0^, the SAM 105^ communicates with the 
medium SAM 133 to determine the purchase mode of 
the content data C and also writes predetemnined key 
data, such as the content key data Kc, into the medium 
SAM 1 33. Upon completion of this processing, the SAM 
1 05^ reports the processing result to the host CPU 81 0^ 
through an external interrupt or by polling of the host 
CPU 810-,. 

[0597] In playing back the content data C, for which 
the purchase mode is determined, recorded on a record- 
ing medium, an instruction to play back the content data 
C is given, as illustrated in Fig. 66, from the host CPU 
810^ to the SAM 105^ through an internal interrupt. 
[0598] In response to the internal interrupt, the SAM 
1 05^ reads a key data block, such as the key file KF, 
from the medium SAM 133 of the recording medium 
1 30, and executes processing for playing back the con- 
tent data C based on the UCS data 166 stored in the 
key data block. 

[0599] The SAM 1 05^ outputs an internal interrupt to 
instruct the A/V compression/decompression SAM 163 
to decompress the content data C read from the record- 
ing medium 130. 

[0600] Upon receiving the internal interrupt from the 
SAM 105^, the A/V compression/decompression SAM 
163 descrambles the content data C read from the re- 
cording medium 130, embeds and detects the digital 
watemnark infomiation, and decompresses the content 
data. Then, the A/V compression/decompression SAM 
1 63 outputs the processed content data C to the D/A 
converter so as to play back the content data C. 
[0601] After completion of the playback operation, the 
/W compression/decompression SAM 1 63 reports the 
corresponding infomnation to the SAM 105^. 
[0602] Upon receiving the above-described infomna- 
tion, the SAM 105^ reports It to the host CPU 81 0^ via 
an external interrupt. 

[0603] In this case. In the relationship between the 
host CPU 81 01 and the SAM lOS^, the host CPU 81 0^ 
senses as a master, while the SAM 105^ serves as a 
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slave. In the relationship between the SAM 1 05^ and the 
A/V compression/decompression SAM 163, the SAM 
105^ serves as a master, while the AA/ compression/ 
decompression SAM 163 serves as a slave. 
[0604] Although in this embodiment the AA/ compres- 5 
slon/decompression SAM 1 63 is the slave for the SAM 
105i,it may be a slave for the host CPU 810^. 
[0605] If the content data recorded on the recording 
medium 130 is played back without performing rights 
processing of the content data, as shown in Fig. 67, the io 
host CPU 81 0^ outputs an Internal interrupt to instruct 
the AN compression/decompression SAM 163 to exe- 
cute playback processing. The host CPU 810^ also out- 
puts an internal interrupt to instruct the medium drive 
SAM 260 to read the content data from the recording 
medium 130. 

[0606] Upon receiving the internal interrupt, the me- 
dium drive SAM 260 decodes the content data read from 
the recording medium 130 in the decoder, and then 
stores it in the shock proof memory 1 004. Upon com- 20 
pletion of this processing, the medium drive SAM 260 
reports the corresponding information to the host CPU 
810 through an external Interrupt. 
[0607] The content data stored in the shock proof 
memory 1004 is read into the A/V compression/decom- 25 
pression SAM 163, and undergoes processing, such as 
descrambling, embedding and detecting digital water- 
mark infonnatlon, and decompressing, and is then 
played back via the D/A converter. 

[0608] Upon completion of this processing, the A/V 30 
compression/decompression SAM 1 63 reports this in- 
formation to the host CPU 81 0^ through an external in- 
terrupt. 

[0609] In this case, the host CPU 810^ serves as a 
master, while the /W compression/decompression 3s 
SAM 163 and the medium drive SAM 163 serve as 

slaves. 

[0610] Circuit modules for implementing the above- 
described functions of the SAMs within the user home 
network 103 are discussed below. 40 
[061 1] As discussed above, the SAMs within the user 
home network 1 03 include the SAMs 1 05 (1 05^ through 
1064) for performing rights processing (profit distribu- 
tion), such as detemriining the purchase mode, the me- 
dium SAM 133 disposed in a recording medium, the A/ ^5 
V compression/decompression SAM 163, and the me- 
dium drive SAM 260. Circuit modules provided for the 
above-described SAMs are as follows. 

Example of rights processing SAM so 

[0612] Fig. 68 illustrates a circuit module for a rights 
processing SAM 105a. 

[0613] The SAM 105a is tamper-resistant hardware 

(equivalent to a circuit module of the present invention) 55 
including, as shown in Fig. 68, a CPU 1 1 00, a DAM 1101, 
a MMU 1102, an I/O module 1103, a mask ROM 1104, . - 
a non-volatile memory 11 05, a work RAM 11 06, a public 



key encryption module 1107, a common key encryption 
module 1 1 08, a hash function module 11 09, an (intrinsic) 
random-number generator 1110, a real time clock mod- 
ule 1111, and an external bus l/F 1112. 
[0614] The relationship between the elements of the 
rights processing SAM 105a and those of the. present 
invention is as follows. The CPU 1100 corresponds to 
an arithmetic processing circuit. The mask ROM 1104, 
the non-volatile memory 11 05, and the work RAM 1106 
correspond to a storage circuit. The common key en- 
cryption module 1108 corresponds to an encryption 
processing circuit. The external bus l/F 1112 corre- 
sponds to an external bus interface. 
[0615] As will be discussed below with reference to 
Fig. 69, Internal buses 1120 and 1121 correspond to a 
first bus of the present invention, and an external bus 
1 1 23 corresponds to a second bus of the present inven- 
tion. 

[0616] The internal bus 1120 also corresponds to a 
third bus, and the internal bus 1 121 also corresponds to 
a fourth bus. 

[0617] The external bus l/F 1 1 1 2 corresponds to a first 
interface circuit, and a bus l/F circuit 1116 corresponds 
to a second interface circuit. 

[061 8] An internal bus 1 1 22 corresponds to a fifth bus, 
an I/O module'corresponds to a third interface circuit, 
and a bus l/F circuit 1 1 1 7 corresponds to a fourth inter- 
face circuit. 

[061 9] A brief description of the relationship between 
the function module of the SAM 105^ shown in Fig. 30 
and the circuit module shown in Fig. 68 is given below. 
[0620] The CPU 1100 executes, for example, pro- 
grams stored in the mask ROM 1104 and the non-vola- 
tile memory 1105, so as to implement the functions of 
the CPU 1100, the accounting processor 187, and the 
usage monitor 186 shown in Fig. 30. 
[0621 ] The DMA 1101 centrally controls access to the 
download memory 1 67 shown in Fig. 22 and the storage 
unit 192 shown in Fig. 30 in response to a command 
from the GPU 1100. 

[0622] The MMU 1 1 02 manages the address spaces 
of the download memory 167 shown in Fig. 22 and the 
storage unit 192 shown in Fig. 30. 
[0623] The I/O module 1103 implements part of the 
functions of the medium SAM manager 1 97 shown in 
Fig. 30. 

[0624] The mask ROM 1104 stores fixed programs 

and data, such as an initializing program and an integrity 

check program for the SAM 1 05a, when manufacturing 

the SAM 105^, and implements part of the functions of 

the storage unit 192 shown in Fig. 30. 

[0625] The non-volatile memory 11 05 stores variable 

programs and data, such as encryption programs and 

key data, and implements part of the functions of the 

storage unit 192 shown in Fig. 30. 

[0626] The work RAM 1106 corresponds to the work 

memory 200 illustrated in Fig. 30. 

[0627] The public key encryption module 1 1 07 imple- 
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ments part of the functions of the signature processor 
1 89 illustrated in Fig. 30, and is used for perfonning mu- 
tual authentication with the medium SAM 1 33 according 
to the public key cryptosystem, creating signature data 
of the SAM 105, checking signature data (of the EMD 5 
service center 1 02, the content provider 1 01 , and, In the 
second embodiment, the service provider 31 0), encryp- 
tion and decryption of a small amount of data (such as 
the key file KF) to be transferred, and sharing a key. The 
public key encryption module 1 1 07 may be implemented io 
as a circuit module (hardware (H/W) IP solution), or may 
be implemented by executing a public key encryption 
program stored In the non-volatile memory 1105 by the 
CPU 1100 (software (S/W) IP solution). 
[0628] The common key encryption module 11 08 im- is 
plements part of the functions of the signature processor 
1 89 and the encryption/decryption (decoding) units 1 71 , 
1 72, and 1 73, and is used for perfonning mutual authen- 
tication and encrypting and decrypting data by using the 
session key data Kqes obtained by mutual authentica- 20 
tion. The common key cryptosystem realizes much fast- 
er processing than the public key cryptosystem, and is 
thus used for, for example, encrypting and decrypting a 
large amount of content data (content file CF). The com- 
mon key encryption module 11 08 may be implemented 25 
as a circuit module (H/W IP solution), or may be imple- 
mented by executing the common key encryption pro- 
gram stored in the non-volatile memory 1105 by the 
CPU 1 1 00 (S/W IP solution). 

[0629] Mutual authentication is achieved by encryp- 30 
tion and decryption of one or both of the public key en- 
cryption module 1107 and the common key encryption 
module 1108. 

[0630] The common key encryption module 11 08 de- 
codes the content key data Kc with the license key data 35 
KD. 

[0631] The hash function module 1109 implements 
part of the functions of the signature processor 189 
shown in Fig. 30, and is used for generating hash values 
of data for which signature data is to be created. More 40 
specifically, the hash function module 1109 is used for 
checking the signature data of the content provider 1 01 
and the EMD service center 1 02, and also checking the 
hash value Hki of the key file KF^ of the secure contain- 
er 104x illustrated in Figs. 44A through 44D. The hash ^5 
function module 1109 may be implemented as a circuit 
module (H/W IP solution), or may be implemented by 
executing a hash circuit module program stored in the 
non-volatile memory 1105 by the CPU 1100 (S/W IP so- 
lution). 50 
[0632] The random-number generator 1110 imple- 
ments part of the functions of the mutual authentication 
unit 170 illustrated in Fig, 30. 

[0633] The real time clock module 1111 generates real 
time, which is used for selecting the license key data KD ss 
with an effective period, or determining whether the re- 
quirements of an effective period Indicated by the UCS 
data 166 are satisfied. 



[0634] The externa! bus l/F 1112 implements part of 
the functions of the content provider manager 1 80, the 
download memory manager 182, and the EMD service 
center manager 185 shown in Fig, 30. 
[0635] Fig. 69 illustrates the hardware configuration 
within the SAM 105a. In Fig. 69, the same elements as 
those shown in Fig. 68 are designated with like refer- 
ence numerals. 

[0636] As shown in Fig. 69, within the SAM 105a, the 
CPU 1100, the mask ROM 1104, and the non-volatile 
memory 1 1 05 are connected to each other via the SAM/ 
CPU bus 1120. 

[0637] TheDMAIIOI is connected to the internal bus 
1121. An l^C interface 1130, a medium SAM interface 
1131, a Memory Stick (MS) interface 1132, and an IC 
card interface 1133 are connected to the internal bus 
1122. 

[0638] The medium SAM interface 1131 transfers and 
receives data to and from the medium SAM 133 of the 
recording medium 1 30. The MS interface 1132 transfers 
and receives data to and from a memory stick 1 1 40. The 
IC card interface 1 1 33 transfer and receives data to and 
from an IC card 1141 . 

[0639] The public key encryption module 1107, the 
common key encryption module 1 1 08, the hash function 
module 1109, the random-number generator 1110, the 
real time clock module 1111, the external bus l/F 1112, 
and an external memory l/F 1142 are connected to the 
external bus 1123. 

[0640] The host CPU bus 1000 shown In Fig. 63 is 
connected to the external bus l/F 1112, and the external 
memory 201 shown in Fig, 63 is connected to the exter- 
nal memory l/F 1142. 

[0641] The SAM/CPU bus 1 1 20 and the Internal bus- 
1121 are connected via the bus interface 1116. The in- 
ternal buses 1122 and 1121 are connected via the bus 
interface 1117. The intemal bus 1121 and the external 
bus 1123 are connected via a bus interface 1115. 
[0642] The above-described SRAM 1155 and the 
SAM status register 1 1 56 are stored in the bus interface 
1115. 

[0643] As stated above, the SAM status register 1 1 56 
has the first SAM status register 1156a and the second 
SAM status register 1156b. A flag indicating the status 
of the SAM 1 051 read by the host CPU 810., is set in 
the first SAM status register 1156a. A flag indicating 
whether a request to execute a task has been output 
from the host CPU 81 0^ is set in the second SAM status 
register 1156b, and this flag is read from the CPU 1100 
of the SAM i05i. 

[0644] The DMA 1101 centrally controls the mask 
ROM 1 1 04, the non-volatile memory 1 1 05, and the work 
RAM 1106 via the internal bus 1121 In response to a 
command from the CPU 1100. 

[0645] A MMU 1113 manages memory spaces of the 
mask ROM 1104, the non-volatile memory 1105, the 
work RAM 1 1 06, and the download memory 1 67 shown 
in Fig. 63. 
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[0646] An address decoder 1114 performs address 
conversion when data Is transferred between the inter- 
nal bus 1121 and the external bus 1123. 
[0647] A writing lock control circuit 1 1 35 controls writ- 
ing and erasing of each block of data into and from a 
flash ROM based on the lock key data of the CPU 1 1 GO. 
[0648] The address space of the rights processing 
SAM 1 05a is described below. 

[0649] Fig. 70 illustrates the address space of the 
rights processing SAM 105a. The address space con- 
tains, starting from the start address, a boot program, 
the system configuration, a flash ROM, predetermined 
programs, a device driver for the flash ROM, a device 
driver for a non-volatile memory, the work RAM 1106 
shown in Fig. 69, predetermined programs, the SRAM 

1155 shown in Fig. 69, the external memory 201, 
Key_TOC/File_System, a SAM registration list, the us- 
age log data 1 08, a register for the common key encryp- 
tion module 1 1 08 shown in Fig. 69, a registerforthe pub- 
lic key encryption module 1107 shown in Fig. 69, a reg- 
ister for the hash function module 1109 shown in Fig. 
69, a register for the random-number generator 1110 
shown in Fig. 69, a registerforthe real time clock module 
1111 shown in Fig, 69, a current time register an effec- 
tive period register, a control register, an IC card inter- 
face, a medium SAM interface, a Memory Stick inter- 
face, and an |2c bus interface. 

[0650] In the field of the address space assigned to 
the system configuration, the DMA 1101 and the SAM 
status register 1156 shown in Fig, 69 are stored. 
[0651] In the field of the address space assigned to 
the flash ROM, a main routine (kernel), interrupt pro- 
grams, sub-routines called by the interrupt programs, a 
command analyzer (table indicating the relationship be- 
tween the commands and start addresses of the Inter- 
rupt programs), and an interrupt vector table are stored. 
[0652] In the address spaceof the SAM 105a illustrat- 
ed In Fig. 70, the SAM status register 1156 and the 
SRAM 1 1 55 are used as common memory spaces with 
the host CPU 810. 

[0653] The address space of the host CPU 81 0-, 
shown in Fig. 63 is described below with reference to 
Fig. 71. 

[0654] The address space of the host CPU 81 0^ con- 
tains, as shown in Fig. 71, starting from the start ad- 
dress, a boot program, the system configuration, a code 
ROM, a data ROM, a work RAM, a common memory 
shared with the SAM 105., shown in Fig. 63, a common 
memory shared with the AN compression/decompres- 
sion SAM 163 shown, in Fig. 63, a common memory 
shared with the medium drive SAM 260 shown In Fig. 
63, and external devices. 

[0655] The SRAM 1155 and the SAM status register 

1156 shown in Fig. 69 are assigned to the common 
memory shared with the SAM 105^ shown in Fig, 63. 



Another example of rights processing SAM 

[0656] Fig. 72 illustrates a circuit module of a rights 
processing SAM 105b. In Fig. 72, the same elements 
5 as those shown In Fig. 69 are designated with like ref- 
erence numerals. 

[0657] The SAM 1 05b is f onned of, as shown in Fig. 
72, a secure memory 105ba, a host CPU 810, tamper- 
resistant software 1130, and an I/O module 1103. 

10 [0658] In the SAM 105b, the tamper- resistant soft- 
ware 1130 is executed by the host CPU 810 so as to 
implement the same function as the CPU 1100 shown 
in Fig. 68. As stated above, the tamper-resistant soft- 
ware 1130 is software in which the processing is totally 

13 shielded from an external source, and is difficult to be 
analyzed or overwritten. 

[0659] The secure memory 1 05ba is tamper-resistant 
hardware including a mask ROM 1104, a non-volatile 
memory 1105, a work RAM 1106, a public key encryp- 

20 tion module 1107, a common key encryption module 
1108, a hash function module 1109, an (intrinsic) ran- 
dom-number generator 1110, a real time clock module 
1111, and an external bus l/F 1112. 
[0660] The public key encryption module 1107, the 

25 common key encryption module 1108, and the hash 
function module 1109 may be implemented as a circuit 
module (HA/V IP solution), or may be implemented by 
executing a public key encryption program, a common 
key encryption program, and a hash function program, 

30 respectively, stored in the non-volatile memory 11 05 by 
the host CPU 810 (SAW IP solution). 
[0661] An example of the configuration of the above- 
described medium SAM 133 is as follows. Fig. 73 illus- 
trates a circuit module of the medium SAM 133. 

35 [0662] The medium SAM 133 is tamper-resistant 
hardware including, as shown in Fig. 73, a CPU 1200, 
a DMA 1201, an I/O module 1203, a mask ROM 1204, 
a non-volatile memory 1205, a work RAM 1206, a public 
key encryption module 1207, a common key encryption 

40 module 1 208, a hash function module 1 209, and an (in- 
trinsic) random-number generator 1210. 
[0663] The CPU 1200 controls the individual circuits 
within the tamper-resistant hardware, 
[0664] The work RAM 1206 corresponds to the work 

45 memory 200 shown in Fig. 30. 

[0665] The public key encryption module 1 207 is used 
for perfonning operations according to the public key 
cryptosystem, for example, (1) performing mutual au- 
thentication with the SAM 105^ and the drive CPU 1003 

50 shown in Fig. 63, (2) creating signature data of the me- 
dium SAM 133a and checking signature data (of the 
EMD sen/ice center 102, the content provider 101 , and 
in the second embodiment, the service provider 310), 
(3) encrypting and decrypting a small amount of data to 

55 be transferred, and (4) sharing the session key data 
KsEs obtained by mutual authentication. The public key 
encryption module 1107 may be implemented as a cir- 
cuit module (H/W IP solution), or may be implemented 
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by executing the public key encryption program stored 
in the non-volatile memory 1205 by the CPU 1200 (S/ 
W IP solution). 

[0666] The common key encryption module 1208 Is 
used for perfomiing mutual authentication and for en- s 
crypting and decrypting data, such as the key files KF 
and KFi by using the session key data Kg^s obtained 
by perfomning mutual authentication. The common key 
encryption module 1108 may be implemented as a cir- 
cuit module (H/W IP solution), or may be implemented io 
by executing the common key encryption program 
stored in the non-volatile memory 1205 by the CPU 
1200 (S/W IP solution). 

[0667] Mutual authentication can be realized by en- 
crypting and decrypting by one or both of the public key is 
encryption module 1207 and the common key encryp- 
tion module 1208. 

[0668] The hash function module 1209 is used for 
generating hash functions of data. More specifically, the 
hash function module 1 209 is used for verifying the hash 20 
value of the key file KF^ of the secure container 
104x shown in Figs. 44A through 44D. The hash func- 
tion module 1 1 09 may be implemented as a circuit mod- 
ule (H/W IP solution), or may be implemented by exe- 
cuting the hash circuit module stored in the non-volatile 25 
memory 1205 by the CPU 1200 (S/W IP solution). 
[0669] The random-number generator 1210 is used 
for performing, for example, mutual authentication. 
[0670] The I/O module 1203 is used for performing 
communication with the medium SAM l/F 1007 shown 30 
in Fig. 63. 

[0671] The mask ROM 1204 stores fixed programs 
and data, such as an initializing program and an integrity 
check program for the medium SAM 133, when being 
shipped. 35 
[0672] The non-volatile memory 1 205 stores variable 
programs and data, such as encryption programs and 
key data. 

[0673] Fig . 74 i llustrates data stored in the mask ROM 
1 204 and the non-volatile memory 1 205 when shipping "^o 
the medium SAM 1 33 to be installed in a recording me- 
dium (ROM). 

[0674] When shipping the recording medium (ROM), 
the medium SAM 133 stores, as shown in Fig. 74, an 
identifier (ID) of the medium SAM, storage key data ^5 
KsxR (medium key data K,^ed« Public key data K^g^ p 
of the EMD service center 1 02, public key data Kr.ca.p 
of the root certifying authority 92, pubiic-key certificate 
data CER^sAM of the medium SAM 133, public key data 
*^MSAM,p of medium SAM 133, private key data 50 
KsAM.s of the medium SAM 133, a revocation list, rights 
processing data, an entity ID which receives profits, the 
type of medium (medium type information and informa- 
tion specifying either a ROM or a RAM), physical ad- 
dress information (register space address) of the key ss 
files KF, the key file KF of each content data C (content 
file CF), and predetermined check values (MAC values). 
[0675] The physical address information (register 
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space address) of the key files KF, the key file KF of 
each content data C (content file CF), and the predeter- 
mined check values (MAC values) are encrypted with 
the license key data KD managed by the EMD service 
center 1 02. 

[0676] Fig. 75 illustrates data stored in the mask ROM 
1 204 and the non-volatile memory 1 205 when user reg- 
istration is conducted and the purchase mode is deter- 
mined after the medium SAM 133 to be installed in a 
recording medium (ROM) has been shipped, 
[0677] As shown in Fig. 75, a user ID, a password, 
favorite information., settlement information (for exam- 
ple, a credit card number), electronic money informa- 
tion, a key file KF-,, etc. are newly added to the medium 
SAM 133 by the user registration. 
[0678] Fig. 76 illustrates data stored in the mask ROM 
1204 and the non-volatile memory 1205 when the me- 
dium SAM 133 to be installed in a recording medium 
(RAM) is shipped. 

[0679] As illustrated in Fig. 76, when shipping the re- 
cording medium (RAM), the medium SAM 1 33 stores an 
identifier (ID) of the medium SAM 133, recording key 
data KsTR (medium key data K^^eq)' Public key data 
Kescp of the EMD service center 102, public key data 
Kp.cAp of the root certifying authority 92, public-key cer- 
tificate data CER^sAM of the medium SAM 133, public 
key data K^^sam.p of the medium SAM 133, private key 
data K,^sAM,s o^ the medium SAM 1 33, a revocation list, 
rights processing data, an entity ID which receives prof- 
its, and the type of medium (medium type Information 
and infomnation specifying either a ROM or a RAM). 
However, physical address Information (register space 
address) of the key files KF, key files KF and KF^ of each 
content data C (content file CF), and predetemriined 
check values (MAC values) are not stored. 
[0680] Fig. 77 illustrates data stored in the mask ROM 
1 204 and the non-volatile memory 1 205 when user reg- 
istration is conducted and the purchase mode is deter- 
mined after the medium SAM 133 to be installed in a 
recording medium (RAM) has been shipped. 
[0681] As illustrated in Fig. 77, in addition to a user 
ID, a password, favorite information, settlement infor- 
mation (for example, a credit card number), and elec- 
tronic money information, physical address information 
(register space address) of the key files KF, the key files 
KF and KF^ of each content data C (content file CF), 
and predetemnlned values (MAC values) are newly writ- 
ten into the medium SAM 133 by the user registration. 
[0682] The physical address infonnation (register 
space address) of the key file KF, the key files KF and 
KF^ of each content data C (content file CF), and the 
predetermined values (MAC values) are encrypted with 
the storage key data Ksjp- 

AA/ compression/decompression SAM 163 

[0683] The A/V compression/decompression SAM 
163 implements, for example, the functions shown in 
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Fig. 22. 

[0684] Fig. 78 illustrates a circuit module of the AA/ 
compression/decompression SAM 163. 
[0685] The AA/ compression/decompression SAM 
163 is tamper-resistant hardware including, as shown 
in Fig. 78, a CPU/DSP 1300. a DMA 1301 , a mask ROM 
1304, a non-volatile memory 1305, a work RAM 1306, 
a common key encryption module 1308, an (intrinsic) 
random-number generator 1310, a compression/de- 
compression module 1320, a digital watermark embed- 
ding/detecting module 1321, and a partial-Information 
disclosing control module 1322. 

[0686] The CPU/DSP 1300 centrally controls the in- 
dividual circuit modules within the AA/ compression/de- 
compression SAM 1 63 by executing programs stored in 
the mask ROM 1 304 and the non-volatile memory 1 305 
in accordance with a command, for example, from the 
SAM 105., shown in Fig. 63. 

[0687] The DMA 1 301 centrally controls access to the 
mask ROM 1304, the non-volatile memory 1305, and 
the work ROM 1306 in accordance with a command 
from the CPU/DSP 1300. 

[0688] When the AA/ compression/decompression 
SAM 163. the mask ROM 1304 stores fixed programs, 
such as an initializing program and an integrity check 
program for the A/V compression/decompression SAM 
163, and fixed data, such as an identifier AVSAMJD of 
the AA/ compression/decompression SAM 163. 
[0689] The non-volatile memory 1 305 stores variable 
programs and data, such as an encryption program and 
key data. 

[0690] The work RAM 1306 stores the key file KF re- 
ceived from the SAM 105.,. 

[0691] The common key encryption module 1308 is 
used for conducting mutual authentication and for en- 
crypting and decrypting the content data C and the con- 
tent key data Kc by using the session key data Kses 
obtained by mutual authentication. The common key en- 
cryption module 1308 may be Implemented as a circuit 
module (H/W I P solution) or may be implemented by ex- 
ecuting the common key encryption program stored in 
the non-volatile memory 1305 by the CPU/DSP 1300 
(S/W IP solution). The common key encryption module 
1 308 also decrypts the content data C by using the con- 
tent key data Kc obtained from the SAM 105.,. 
[0692] The (intrinsic) random-number generator 1 31 0 
is used for performing mutual authentication with, for ex- 
ample, the SAM 105.,. 

[0693] The compression/decompression module 
1320 Implements the functions of, for example, the de- 
compression unit 223 shown in Fig. 22. More specifical- 
ly, the compression/decompression module 1320 de- 
compresses the content data received from the down- 
load memory 167 and the shock proof memory 1004 
shown in Fig. 63, and compresses the content data re- 
ceived from the A/D converter. 

[0694] The digital watemriark embedding/detecting 
module 1321 implements the functions of the digital-wa- 



termark infomiatibn processor 224 shown in Fig. 22. For 
example, the digital watemriark embedding/detecting 
module 1321 embeds predetermined digital watermark 
information into the content data to be processed by the 

5 compression/decompression module 1320 and detects 
the digital watermark information embedded into the 
content data, that is, It determines whether the process- 
ing executed by the compression/decompression mod- 
ule 1320 is suitable. 

10 [0695] The partial-information disclosing control mod- 
ule 1322 implements the partially disclosing processor 
225 shown in Fig. 22 , and plays back the content data 
according to the playback mode. 

IS Medium drive SAM 260 

[0696] Fig. 79 illustrates a circuit module of the medi- 
um drive SAM 260. 

[0697] The medium drive SAM 260 is tamper- res ist- 
20 ant hardware Including, as illustrated in Fig. 79, a CPU 
1400, a DMA 1401, a mask ROM 1404, a non-volatile 
memory 1405, a work RAM 1406, a common key en- 
cryption module 1 408, a hash function module 1 409, an 
(intrinsic) random-number generator 1410, an encode/ 
25 decoder module 1420, a storage- key-data generating 
module 1430, and a medlum-unique-ID generating 
module 1440. 

[0698] The CPU 1400 executes programs stored in 
the mask ROM 1404 and the non-volatile memory 1405 

30 in accordance with a command from the drive CPU 1003 
shown In Fig. 63, and centrally controls the individual 
circuit modules within the medium drive SAM 260. 
[0699] The DMA 1 401 centrally controls access to the 
mask ROM 1404, the non-volatile memory 1405, and 

35 the work RAM 1 406 In accordance with a command from 
the CPU 1400. 

[0700] When the medium drive SAM 260 is shipped, 
the mask ROM 1 404 stores fixed programs, such as an 
initializing program and an integrity check program for 
40 the medium drive SAM 260, and fixed data, such as 
identifier MDSAM JD of the medium drive SAM 260. 
[0701 ] The non-volatile memory 1 405 stores variable 
programs and data, such as encryption programs and 
key data. 

45 [0702] The work RAM 1 406 serves as a work memory 
for executing various processing. 
[0703] The common key encryption module 1408 is 
used for performing mutual authentication between the 
medium SAM 133 and the A/V compression/decom- 

50 pression SAM 163, and for encrypting and decrypting 
the content file CF and the key file KF by using the ses- 
sion key data Kqes, which is a common key obtained by 
mutual authentication, and also for encrypting the con- 
tent key data Kc using the storage key data Kgjp and 

35 the medium key data Kf^ED- The common key encryp- 
tion module 1408 verifies signature data and creates 
signature data by using the common key data and the 
hash values of data, for which signature, data is to be 
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created. 

[0704] The common key encryptio n modu I e 1 408 may 
be implemented as a circuit module (H/W IP solution), 
or may be implemented by executing the common key- 
encryption program stored In the non-volatile memory 5 
1405 by the CPU 1400 (S/W IP solution). 
[0705] Encryption of the content key data Kc by using 
the storage key data Kstr niay be performed by either 
the common key encryption module 1 408 of the medium 
drive SAM 260 or the medium SAM module 133. io 
[0706] The hash function module 1409 is used for ver- 
ifying signature data and for generating hash values of 
data, for which signature data Is to be created. 
[0707] The (intrinsic) random-number generator 1 41 0 
is used for performing mutual authentication with, for ex- is 
ample, the medium SAM 133. 

[0708] When accessing the content data stored in the 
ROM area or the RAM area of the recording medium 
130, the encoder/decoder module 1420 executes 
processing, such as encoding, decoding, ECC, modu- 20 
lating, demodulating, sectorizing, and desectorizing, on 
the content data. 

[0709] The storage-key-data generating module 1 430 
generates the storage key data unique to each me- 
dium by using the medium unique ID generated by the 25 
medium-unique-ID generating module 1440. 
[0710] The medium-unique-ID generating module 
1440 generates a medium unique ID unique to each re- 
cording medium from the drive ID generated by the me- 
dium drive SAM, 260 and the SAMJD of the medium 30 
SAM 133. 

[0711] The overall operation of the EMD system 1 00 
shown in Fig. 1 Is described below with reference to the 
flow chart of Fig. 80. 

[071 2] In step S1 , after the content provider 101 per- 35 
forms predetermined registration, the EMD service 
center 1 02 sends the public key certificate CERcp of the 
public key data K^pp of the content provider 1 01 . 
[0713] After the SAMs 105^ through 1064 perfonn 
predetermined registration processing, the EMD service 
center 102 also sends the public key certificates 
CERcp-i through CERcp4 of the public key data KgAMi P 
through KsA^44,P SAMs 105^ through IO54, re- 

spectively. 

[0714] After conducting mutual authentication, the ^5 
EMD service center 1 02 sends the license key data KD^ 
through KD3 forthree months, each having a one-month 
effective period, to the SAMs 105^ through 1064 of the 
user home network 103. 

[0715] In this manner, in the EMD system 100, the 11- so 
cense key data KD^ through KD3 are distributed to the 
SAMs 105^ through IO64 in advance. This enables the 
SAMs 1 05^ through 1 064 to purchase and utilize the se- 
cure container 1 04 distributed from the content provider 
101 by decoding the secure container 104 even while ss 
the SAMs 1 05^ through 1 064 are disconnected from the 
EMD service center 102. In this case, the purchase and 
usage log is recorded in the usage log data 108, which 



is then automatically sent to the EMD service center 1 02 
when the SAMs 1 05^ through 1 064 are connected to the 
EMD service center 1 02. It is thus possible for the EMD 
service center 102 to reliably perform settlement 
processing. If the EMD service center 1 02 does not re- 
ceive the usage log data 108 in a predetermined period, 
it is able to make the corresponding SAM invalid in the 
revocation list. The UCS data 166 is transmitted basi- 
cally in real time from the SAMs 105^ through 1064 to 
the EMD service center 102. 

[0716] In step 82, after performing mutual authentica- 
tion with the EMD service center 102, the content pro- 
vider 1 01 authorizes the UCP data 106 and the content 
key data Kc by registering them in the EMD service cent- 
er 1 02. The EMD service center 1 02 also creates the 
key file KF for six months and sends* it to the content 
provider 1 01 . 

[0717] In step S3, the content provider 101 creates 
the content file CF and the signature data SIG5 Qp there- 
for, shown in Fig. 3A, and the key file KF and the signa- 
ture data SIG7 CP therefor, shown In Fig. 3B. The content 
provider 101 then sends the secure container 104 In 
which the above-described files and data, and the pub- 
lic-key certificate data CER^p and the signature data 
SIGi 

ESC therefor, shown in Fig. 3C, are stored, to the 
SAMs 1 05^ through 1 064 of the user home network 1 03 
online or offline. 

[0718] In sending the secure container 104 online, a 
specific protocol for the content provider 1 01 is used to 
distribute the secure container 1 04 from the content pro- 
vider 101 to the user home network 103 in the format 
independent of the protocol (i.e., data to be transmitted 
by using a predetermined layer of a communication pro- 
tocol consisting of a plurality of layers). In sending the 
secure container 104 offline, the secure container 104 
is stored in a recording medium (ROM or RAM) and is 
sent from the content provider 1 01 to the user home net- 
work 103. 

[0719] Then, in step S4, the SAMs 1 05^ through 1 064 
of the user home network 1 03 check the signature data 
SIGg Qp, SIG7 Qp, and SIGK^ within the secure con- 
tainer 104 distributed from the content provider 101 so 
as to verify the integrity of the creators and senders of 
the content file CF and the key file KF. Thereafter, the 
SAMs 1 05^ through 1 064 decode the key file KF by using 
the license key data KD^ through KDg of corresponding 
periods. 

[0720] Subsequently, in step S5, in the SAMs 105, 
through 1064, the purchase and usage modes are de- 
termined based on the internal inten-upt S810 from the 
host CPU 810 according to the user's operation on the 
operation unit 185 shown in Fig. 22. 
[0721] In this case, the usage monitor 186 shown in 
Fig. 37 manages the purchase and usage modes of the 
content file CF selected by the user based on the UCP 
data 106 stored in the secure container 104. 
[0722] In step 36, the accounting processors 187 of 
the SAMs 105^ through 1064 shown in Fig. 37 create 
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the usage log data 1 08 and the UCS data 1 66 in which 
the purchase and usage modes are recorded, and send 
them to the EiVID service center 1 02. 
[0723] In step S7, the EMD service center 102 exe- 
cutes accounting processing based on the usage log da- 5 
ta 1 08, and creates the settlement request data 1 52 and 
the settlement report data 1 07. The EMD service center 
102 sends the settlement request data 152 and the sig- 
nature data SIGgg therefor to the settlement organiza- 
tion 91 via the payment gateway 90 shown in Fig. 1 . The io 
EMD service center 102 also sends the settlement re- 
port data 1 07 to the content provider 1 01 . 
[0724] Then, In step S8, after verifying the signature 
data SIGgg, the settlement organization 91 distributes 
the payment made by the user to content rights holders, fs 
such as the content provider 101 , based on the settle- 
ment report data 152. 

[0725] As described above, In the EMD system 100, 
the secure container 104 shown in Figs. 3A through 3C 
is distributed from the content provider 1 01 to the user so 
home network 1 03, and the key file KF within the secure 
container 104 Is processed in the SAMs 105^ through 
1054. 

[0726] The content key data Kc and the UCP data 1 06 
stored in the key file KF are encrypted with the license 25 
key data KD^ through KD3, and are decrypted only in 
the SAMs 1 05i through 1 054 which hold the license key 
data KD^ through KD3. The SAMs 105^ through IO54 
are tamper-resistant hardware In which the purchase 
and usage modes of the content data C are determined 30 
based on the handling contents of the content data C 
recorded in the UCP data 106. 

[0727] Therefore, according to the EMD system 100, 
the content data C can be reliably purchased and uti- 
lized in the user home network 1 03 based on the UCP 35 
data 1 06 created by the content provider 101 or a con- 
tent-rights holder. 

[0728] Additionally, in the EMD system 1 00, the con- 
tent data C may be distributed from the content provider 
101 to the user home network 103 online or offline by 40 
storing it in the secure container 104. In this case, the 
rights processing of the content data C in the SAMs 1 05^ 
through 1 064 are not influenced by whether the content 
data C is sent online or offline. 

[0729] In the EMD system 100, in purchasing, utiliz- ^5 
ing, recording, and transfen-ing the content data C in the 
network device 160^ and the AA/ machines leOg 
through I6O4 within the user home network 103, 
processing is always executed based on the UCP data 
106. Thus, rights processing rules In common to the so 
whole user home network 1 03 can be established. 
[0730] Fig. 81 illustrates an example of protocols for 
distributing the secure container 104 used in the first 
embodiment. 

[0731] In the multiple processor system (EMD sys- 55 
tem) 100, as illustrated in Fig. 81 , as protocols for deliv- 
ering the secure container 1 04 from the content provider 
101 to the user home network 103, TCP/IP and XMLy 



SMIL, for example, are used. 

[0732] As protocols for transferring the secure con- 
tainer 1 04 between the SAMs of the user home network 
1 03 or between the user home networks 1 03 and 1 03a, 
for example, XMUSMIL which is constructed on a 
1394-serial bus/interface is used. In this case, the se- 
cure container 1 04 may be stored in a recording medium 
(ROM or RAM) and distributed between the SAMS. 

Second Embodiment 

[0733] In the first embodiment, the content data is di- 
rectly distributed from the content provider 101 to the 
SAMs 1 05^ through 1 064 of the user home network 1 03. 
In the second embodiment, the content data is distrib- 
uted from a content provider to SAMs of a user home 
network via a sen/ice provider. 

[0734] Fig. 82 is a block diagram illustrating an EMD 
service system 300 of the second embodiment. 
[0735] The EMD service center 300 Includes, as 
shown in Fig. 82, a content provider 301 , an EMD serv- 
ice center 302, a user home network 303, a sen/ice pro- 
vider 310, a payment gateway 90, and a settlement or- 
ganization 91 .. 

[0736] The content provider 301, the EMD service 
center 302, the SAMs 305^ through 3054, and the serv- 
ice provider 310 respectively correspond to a data pro- 
viding apparatus, a management apparatus, a data 
processing apparatus, and a data distribution apparatus 
of the present invention. 

[0737] The content provider 301 is similar to the con- 
tent provider 1 01 of the first embodiment except that It 
supplies content data to the service provider 31 0. 
[0738] The EMD service center 302 is similar to the 
EMD service center 1 02 of the first embodiment except 
that It exercises an authentication function, a key-data 
management function, and a rights processing function, 
not only for the content provider 1 01 and the SAMs 305^ 
through 3064, but also for the sen/ice provider 301 . 
[0739] The user home network 303 includes a net- 
work device 360^ and AA/ machines 36O2 through 36O4. 
The network device 360^ integrates a SAM 305^ and a 
CA module 311 therein, and the AA/ machines 36O2 
through 36O4 integrate SAMs 3052 through 3054 therein. 
[0740] The SAMs 305^ through 3054 are simllarto the 
SAMs 105^ through IO54, respectively, of the first em- 
bodiment, except that they receive a secure container 
304 from the service provider 31 0, and verify signature 
data of the content provider 301 and the service provider 
310, and also create sen/ice-provider (SP) purchase log 
data (data for a data distribution apparatus) 309 for the 
sen/ice provider 310. 

[0741] An oven/iew of the EMD system 300 Is as fol- 
lows. 

[0742] In the EMD system 300, the content provider 
301 transmits the content key data Kc and the UCP data 
1 06, which Is similar to that of the first embodiment and 
which indicates the rights of the content data, such as 
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license agreement conditions of the content data C to 
be provided, to the EMD sen/ice center 302, which is a 
highly reliable authorizing organization. The UCP data 
1 06 and the content key data Kc are authorized (authen- 
ticated) by being registered in the ElVID service center 
302. 

[0743] The content provider 301 encrypts the content 
data C with the content key data Kc so as to create the 

content file CF. The content provider 301 receives a key 
file KF for six months for each content file CF from the 
EMD service center 302. 

[0744] The key file KF contains signature data for ver- 
ifying the integrity of the key file KF and Integrity of the 
creator and the sender of the key file KF. 
[0745] The content provider 301 then supplies the se- 
cure container 104 shown in Figs. 3A through 3C In 
which the content file CF, the key file KF, and the signa- 
ture data are stored to the service provider 310 offline 
via a recording medium or online via a network, such as 
the Internet, a digital broadcast, or by using an unofficial 
protocol. 

[0746] The signature data stored in the secure con- 
tainer 1 04 is used for verifying the integrity of the corre- 
sponding data and the Integrity of the creator and the 
sender of the data. 

[0747] Upon receiving the secure container 1 04 from 
the content provider 301, the service provider 310 
checks the signature data so as to verify the integrity of 
the creator and the sender of the secure container 1 04. 
[0748] The service provider 31 0 then creates price tag 
data (PT) 31 2 obtained by adding a price for the services 
given by the service provider 310, such as authoring 
services, to the SRP, which has been reported to the 
service provider 31 0 offline, desired by the content pro- 
vider 301. 

[0749] The service provlder310 then extracts the con- 
tent file CF and the key file from the secure container 
1 04 and creates the secure container 304 in which the 
content file CF, the key file KF, the price tag data 312, 
and signature data Kgps therefor are stored. 
[0750] The key file KF Is encrypted with the license 
key data KD^ through KDg, and the service provider 31 0 
is unable to see the content of the key file KF or overwrite 
it since It does not own the license key data KD^ through 
KDg- 

[0751] The EMD service center 302 also authorizes 
the price tag data 312 by registering it. 
[0752] The service provider 31 0 distributes the secure 
container 304 to the user home network 303 online or 
offline. If the secure container 304 is supplied offline, it 
is recorded on a recording medium (ROM) and is directly 
supplied to the SAMs 305^ through 305^. If the secure 
container 304 is supplied online, the service provider 
310 first performs mutual authentication with the CA 
module 311 , and encrypts the secure container 304 by 
using the session key data Kses and sends it. The CA 
module 311 receives the encrypted secure container 
304 and decrypts it by using the session key data Kqes. 



and then transfers it to the SAMs 305i through 3064. 
[0753] In this case, as communication protocols for 
sending the secure container 304 from the content pro- 
vider 301 to the user home network 303, MHEG is used 

5 for a digital broadcast, and XMiySMIL/HTML is used for 
the Internet. The secure container 304 is embedded 
within the corresponding protocol according to a tun- 
neling technique without depending on the communica- 
tion protocol (coding method). 

10 [0754] Accordingly, the format of the secure container 
304 does not have to match the communication proto- 
col, thereby increasing the flexibility In selecting the for- 
mat of the secure container 304. 

[0755] Subsequently, the SAMs 305^ through 3064 
IS check the signature data stored in the secure container 
304 so as to verify the integrity of the creator and the 
sender of the content file CF and the key file KF stored 
in the secure container 304. The SAMs 305^ through 
3064 then decode the key file KF by using the license 
20 key data KD^ through KD3 of corresponding periods dis- 
tributed from the EMD service center 302. 
[0756] In the network device 360^ and the A/V ma- 
chines 36O2 through 36O4, the purchase and usage 
modes of the secure container 304 supplied to the SAMs 
25 305^ through 3064 are determined according to the us- 
er's operation, and the secure container 304 Is then 
ready to be played back or recorded on a recording me- 
dium. 

[0757] The SAMs 305^ through 3064 record the pur- 
30 chase and usage log of the secure container 304 as the 
usage log data 308. The usage log data (log data or a 
management-apparatus log data) 308 is sent from the 
user home network 303 to the EMD service center 302 
In response to, for example, a request from the EMD 
35 service center 302. 

[0758] Upon determining the purchase mode of the 
content, the SAMs 305^ through 3064 send the UCS da- 
ta 1 66 indicating the purchase mode to the EMD service 
center 302. 

40 [0759] The EMD service center 302 determines (cal- 
culates) the accounting content for each of the content 
provider 301 and the service provider 31 0 based on the 
usage log data 308, and settles the account, based on 
the calculated accounting content, by using the setlle- 

45 rnent organization 91 , such as a bank, via the payment 
gateway 90. According to this settlement, the payment 
made by the user of the user home network 303 to the 
settlement organization 91 is given to the content pro- 
vider 301 and the service provider 31 0 by the settlement 

50 processing performed by the EMD service center 302. 
[0760] In this embodiment, the EMD service center 
302 has an authentication function, a key-data manage- 
ment function, and a rights processing (profit distribu- 
tion) function. 

55 [0761] More specifically, the EMD service center 302 
serves as a second certifying authority located at a layer 
lower than the root certifying authority 92, which is the 
neutral supreme authority, and authenticates public key 
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data by attaching a signature to the public-key certificate 
data of the public key data by using private key data of 
the EMD service center 1 02. The public key data is used 
for verifying the integrity of the signature data in the con- 
tent provider 301, the service provider 310, and the 
SAMs 305^ through 3064. As stated above, the EMD 
service center 1 02 registers and authorizes the UCP da- 
ta 106 of the content provider 301 , the content key data 
Kg, and the price tag data 312 of the service provider 
310, which is also part of the authentication function of 
the EMD service center 302. 

[0762] The EMD service center 302 also has the key- 
data management function of managing key data, such 
as license key data KD^ through KDq. 
[0763] The EMD service center 302 also has the fol- 
lowing rights processing (profit distribution) function. 
The EMD service center 302 settles the account for the 
purchase and usage of the content made by the user 
based on the UCP data 1 06 registered by the content 
provider .301 , the usage log data 308 Input from the 
SAMs 305^ through 3064, and the price tag data 312 
registered by the service provider 310, and distributes 
the payment made by the user to the content provider 
301 and the service provider 31 0. 
[0764] Details of the individual elements of the con- 
tent provider 301 are as follows. 

[Content provider 301 ] 

[0765] The content provider 301 Is similar to the con- 
tent provider 101 of the first embodiment except that It 
supplies the secure container 104 shown in Figs. 3A 
through 3C to the service provider 31 0 online or offline. 
[0766] That is, the content provider 301 creates the 
secure container 104 and inserts it into a product dis- 
tributing protocol for the content provider according to 
the process shown in Figs. 17 through 19. 
[0767] The service provider 310 then downloads the 
secure container 1 04 and extracts it from the protocol. 

[Service provider 31 0] 

[0768] The service provider 310 creates the secure 
container 304 in which the content file CP and the key 
file KF supplied from the content provider 301 and the 
price tag data 312 are stored, and distributes It to the 
network device 360^ and the A/V machines 36O2 
through 36O4 of the user home network 303 online or 
offline. 

[0769] The services by the service provider 3 1 0 to the 
distribution of the content are largely divided into two 
types, I.e., independent services and dependent servic- 
es. 

[0770] The Independent services are downloading 

services for individually distributing the contents. The 
dependent services are services for distributing the con- 
tent together with programs or commercials (CM), for 
example, supplying the content of a theme song of a 



drama program by inserting it in a drama program 
stream. This enables the user to purchase the content 
stored in the stream while watching the drama program. 
[0771 ] Upon receiving the secure container 1 04 from 
5 the content provider 301, the service provider 310 cre- 
ates the secure container 304 according to the following 
process. 

[0772] A description is now given, with reference to 
the flow chart of Fig. 83, of the process of creating the 
10 secure container 304 from the secure container 1 04 re- 
ceived from the content provider 301 and distributing it 
to the user home network 303. 

[0773] In step S83-1, the service provider 310 re- 
ceives the secure container 104 shown in Figs. 3A 
^5 through 3C-from the content provider 301 online or of- 
fline, and stores it. 

[0774] If the secure container 104 is sent online, the 
secure container 104 is decoded by using the session 
key data K^^^ obtained by mutual authentication be- 
20 tween the content provider 301 and the service provider 
310. 

[0775] In step S83-2, the service provider 31 0 verifies 
the integrity of the signature data SIG., ^sc^^own in Fig. 
3C of the secure container 104 by using the public key 

25 data Kescp of the EMD service center 302, and then, 
extracts the public key data K^pp from the public-key 
certificate data CERcp shown in Fig. 3C. 
[0776] The service provider 31 0 then checks the sig- 
nature data SIGg CP and SIG7 cp shown in Figs. 3A and 

30 3B, respectively, of the secure container 104 by using 
the extracted public key data K^pp so as to verify the 
integrity of the creator and the sender of the content file 
CF and the sender of the key file KF. 
[0777] The service provider 310 also checks the slg- 

35 nature data SIG^i esc stored in the key file KF shown 
in Fig. 3B by using the public key data K^scp so as to 
verify the integrity of the creator of the key file KF. This 
also verifies the official registration of the key file in the 
EMD service center 1 02. 

40 [0778] Thereafter, In step S83-3, the service provider 
310 creates the price tag data 312 obtained by adding 
a price for the services of the service provider 31 0 to the 
RSP desired by the content provider 301 which has 
been reported from the content provider 301 offline, 

45 [0779] The service provider 31 0 also creates signa- 
ture data SIG62,sP' ^'^^sa.sP' S'^64.sp ^^^^ 
hash values of the content file CF, the key file KF, and 
the price tag data 312, respectively, by using the private 
key data Ksp p of the service provider 310. 

50 [0780] The signature data SIGe2,sp 's used for verify- 
ing the integrity of the sender of the content file CF, the 
signature data SIGgg gp is used for verifying the sender 
of the key file KF, and the signature data SIGg^gp is 
used for verifying the creator and the sender of the price 

55 tag data 312. 

[0781 ] The service provider 31 0 then creates the se- 
cure container 304 in which the content file CF and the 
signature data SlGg ^p ancl SlGg2.sp therefor, shown in 
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Fig. 84A, the key file KF and the signature data SIG7 cp 
and SlGga ESC therefor, shown In Fig. 84B, the price tag 
data 312 and the signature data SIGg4SP therefor, 
shown in Fig. 84C, and the public-key certificate data 
CERsp and the signature data SlGg^ ^qc therefor and 5 
the public-key certificate data CER^p and the signature 
data SIG^ ESC therefor, shown in Fig. 84D, are stored, 
and then stores the created secure container 304 in a 
secure container database. 

[0782] The secure container 304 stored in the secure 10 
container database is centrally nnanaged by the service 
provider 310 by using, for example, the content ID. 
[0783] Fig. 84A illustrates the configuration of the con- 
tent file CF when a DSP is used as an A/V compression/ 
decompression device for decompressing the content is 
data C. The DSP decompresses the content data C 
within the secure container 104, and also embeds and 
detects digital watermark information by using A/V de- 
compression software and a digital watennark informa- 
tion module within the secure container 304. This ena- 20 
bles the content provider 301 to employ a desired com- 
pression method and a digital-watermark embedding 
method. 

[0784] If hardware or prestored software is used as 
an AN compression/decompression device for decom- 25 
pressing the content data C and for embedding and de- 
tecting digital watennark information, the A/V decom- 
pression software and the digital watermark information 
module may not be stored within the content file CP, 
[0785] Then, in step 883-4, the service provider 310 30 
reads the secure container 304 from the secure contain- 
er database In responseto a request from the user home 
network 303. 

[0786] In this case, the secure container 304 may be 
a composite container in which a plurality of content files 35 
CF and a plurality of corresponding key files KF are 
stored. For example, in a single secure container 304, 
a plurality of content files CF concerning a piece of mu- 
sic, a video clip, a word card, a liner note, and a jacket 
may be stored. The plurality of content files CF may be 40 
stored within the secure container 304 in a directory 
structure. 

[0787] If the secure container 304 is sent via a digital 
broadcast, the MHEG protocol is employed. If the se- 
cure container 304 is sent via the Intemet, the XhAU 45 
SMIL/HTML protocol is employed. 
[0788] In this case, the content file CF and the key file 
KF within the secure container 104 are stored in a pre- 
determined layer of a communication protocol which is 
employed between the service provider 31 0 and the us- so 
er home network 303 without being dependent on the 
coding method, such as the MHEG or HTML protocol. 
[0789] For example, if the secure container 304 is 
sent via a digital broadcast, as shown in Fig. 85, the con- 
tent file CF is stored as MHEG content data within a ss- 
MHEG object. 

[0790] A MHEG object which is a moving picture is 
stored in a packetized elementary stream {PES)-video 



in the transport layer protocol, a MHEG object which is 
sound is stored in PES-audio in the transport layer pro- 
tocol, and a MHEG object which is a still Image is stored 
in Private-Data. 

[0791] The key file KF, the price tag data 312, and the 
public-key certificate data CER^p, CERgp are stored, 
as shown in Fig. 86, in entitlement control message 
(ECM) within a TS packet of the transport layer protocol. 
[0792] The content file CF. the key file KF, the price 
tag data 312, and the public-key certificate data CERcp. 
CERgp are linked by the directory stmcture data DSD^ 
within the header of the content file CF. 
[0793] The service provider 31 0 then supplies the se- 
cure container 304 to the user home network 303 online 
and/or offline. 

[0794] If the secure container 304 is distributed to the 
network device 360^ of the user home network 303, the 
sen/ice provider 31 0 encrypts the secure container 304 
by using the session key data Kses after performing mu- 
tual authentication, and then distributes it to the networl< 
device 360^ via a network. 

[0795] If the secure container 304 is broadcast via a 
satellite, the service provider 310 encrypts the secure 
container 304 with scrambling key data Kqcr. The 
scrambling key data Kqcr 's also encrypted with work 
key data K^, and the work key data K^ is encrypted 
with master key data K^. 

[0796] The service provider 310 then sends the 
scrambling key data Kqcr and the work key data K^ 
together with the secure container 304 to the user home 
network 303 via a satellite. The service provider 31 0 al- 
so distributes the master key data K^ by storing It In, for 
example, an IC card, to the user home network 303 of- 
fline. 

[0797] Upon receiving the SP purchase log data 309 
concerning the content data C from the user home net- 
work 303, the service provider 310 stores it. 
[0798] In determining future services, the service pro- 
vider 310 refers to the SP purchase log data 309, The 
service provider 310 also analyzes, based on the pur- 
chase log data 309, the user's favorites of the SAMs 
305^ through 3064 which have sent the SP purchase log 
data 309, and then creates user favorite filer data 900 
and sends It to the CA module 311 of the user home 
network 303. 

[0799] The service provider 31 0 or a service-provider 
related organization registers in the EMD service center 
302 Offline, and acquires a globally unique identifier 
SP_ID by using an ID certificate of the service provider 
310 or a bank account for perfonning settlement 
processing. 

[0800] The service provider 310 also authorizes the 
price tag data 312 by registering it in the EMD service 
center 302. 

[EMD service center 302] 

[0801] As discussed above, the EMD service center 
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302 serves as a certifying authority (CA), a key manage- 
ment authority, and a rights processing (rights clearing) 
authority. 

[0802] Fig. 87 illustrates the major functions of the 
EMD service center 302. The EMD service center 302 
perfomns processing, as illustrated in Fig. 87, such as 
supplying the license key data to the content provider 
301 and the SAMs 305-j through 3064, issuing the pub- 
lic-key certificate data CERcp, CERgp, and CERsami 
through CERg^^^^, creating the key file KF, and settle- 
ment processing (profits distribution) based on the us- 
age log data 308. 

[0803] Among the above-described functions, supply- 
ing the license key data, issuing the public-key certifi- 
cate data CERcp and CERsami through CERsam4« ^"^^1 
creating the key file KF are similar to those of the EMD 
service center 1 02 of the first embodiment. 
[0804] Unlike the EMD service center 102, however, 
the EMD service center 302 issues the public-key cer- 
tificate data CERgp of the service provider 31 0, and also 
distributes, based on the usage log data 308, the profits 
obtained by the purchase of the content data C in the 
SAMs 305^ through 3064 to the content provider 301 , 
content-provider rights holders, the service provider 
310, and service-provider rights holders. 
[0805] The contents of the usage log data 308 may 
be those shown in Fig. 21 . 

[0806] The EMD service center 302 also creates the 
user favorite filter data 900 for selecting content data C 
according to the user's favorites of the SAMs 305^ 
through 3064 which have sent the usage log data 308, 
and sends it to the SAMs 305^ through 3064 via the SAM 
manager 149. 

[User home network 303] 

[0807] The user home network 303 includes, as 
shown in Fig. 82, the network device 360^ and the AA/ 
machines 36O2 through 36O4. 

[0808] The network device 360^ integrates the CA 
module 311 and the SAM 305^ therein. The AA/ ma- 
chines 36O2 through 36O4 integrate the SAMs 3063 
through 3054, respectively. The SAMs 305^ through 
3054 are connected to each other via the bus 191, such 
as a 1394-serial interface bus. 

[0809] The AA/ machines 36O2 through 36O4 may be 
provided with a network communication function, 
though it is not essential. If a network communication 
function is not provided, the AA/ machines 36O2 through 
36O4 may simply use the network communication func- 
tion of the network device 360^ via the bus 191 , Alter- 
natively, the user home network 303 may include only 
A/V machines without a network function. 
[0810] Details of the networi< device 360-, are as fol- 
lows. 

[0811] Fig. 88 is a block diagram illustrating the net- 
work device 360^. The network device 360i Includes, 
as shown in Fig. 88, the communication module 162. 



the CA module 311, a decoding module 905, the SAM 
305i, the AA/ compression/decompression SAM 163, 
the operation unit 165, the download memory 167, the 
playback module 169, the external memory 201 , and the 

5 host CPU 810. The same elements as those shown in 
Fig. 22 are designated with like reference numerals. 
[0812] The communication module 162 performs 
processing for communicating with the service provider 
310. More specifically, the communication module 162 

10 outputs the secure container 304 received from the 
sen/ice provider 310 via, for example, a satellite broad- 
cast, to the decoding module 905. The communication 
module 1 62 also outputs the user favorite filter data 900 
received from the service provider 31 0 via, for example, 

^5 a telephone line, to the CA module 311, and also sends 
the SP purchase log data 309 received from the CA 
module 311 to the service provider 31 0.via, for example, 
a telephone line. 

[0813] Fig. 89 is a functional block illustrating the CA 

20 module 311 and the decoding module 905. 

[0814] The CA module 311 includes, as shown in Fig. 
89, a mutual authentication unit 906, a storage unit 907, 
an encryption/decryption unit 908, and a SP purchase 
log data generator 909. 

25 [081 5] In sending and receiving data between the CA 
module 3 1 1 and the service provider 3 1 0 via a telephone 
line, the mutual authentication unit 906 performs mutual 
authentication with the service provider 31 0 so as to cre- 
ate the session key data Kg^g and outputs it to the en- 

30 cryption/decryption unit 908. 

[0816] The storage unit 907 stores the master key da- 
ta supplied offline from the service provider 310 by 
being stored in an IC card 912 after the service provider 
31 0 has made a contract with the user. 

35 [0817] The encryption/decryption unit 908 receives 
the encrypted scrambling key data Kqcr and work key 
data Ky^ from a decoder 910 of the decoding module 
905, and decrypts the work key data Ky^ by using the 
master key data read from the storage unit 907. The 

40 encryption/decryption unit 908 then decrypts the scram- 
bling key data K^cr by using the decrypted work key 
data Ky^, and outputs it to the decoder 910. 
[0818] The encryption/decryption unit 908 also de- 
crypts the user favorite filter data 900 received from the 

45 service provider 31 0 by the communication module 1 62 
via, for example, a telephone line, by using the session 
key data Kggs ^^^^ mutual authentication unit 906, 
and outputs it to a secure-container selection unit 911 
of the decoding module 905. 

50 [0819] The encryption/decryption unit 908 decrypts 
the SP purchase log data 309 received from the SP pur- 
chase log data generator 909 by using the session key 
data Ks^s from the mutual authentication unit 906, and 
sends it to the service provider 31 0 via the communica- 

55 tion module 162, 

[0820] The SP purchase log data generator 909 gen- 
erates the SP purchase log data 309 indicating the pur- 
chase log of the content data C unique to the service 
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provider 310 based on the operation signal S165 ob- 
tained by perfomning the user's operation on the opera- . 
tion unit 165 shown in Fig. 88, or based on the UCS data 
1 66 from the SAM 305^ . The SP purchase log data gen- 
erator 909 then outputs the SP purchase log data 309 s 
to the encryption/decryption unit 908. 
[0821] The SP purchase log data 309 includes Infor- 
mation on distribution services of the service provider 
310 reflecting the user's opinion, a monthly basic fee 
(incurred by using a network), contract (update) infer- io 
matlon, and purchase log information. 
[0822] The C A module 31 1 communicates with an ac- 
count database of the service provider310, if the service 
provider 310 has an accounting function, a client man- 
agement database, and a marketing infomnation data- is 
base. In this case, the CA module 311 sends account 
data for distribution services of the content data to the 
service provider 310. 

[0823] The decoding module 905 includes the decod- 
er 91 0 and the secure-container selection unit 91 1 . 20 
[0824] The decoder 910 receives the encrypted se- 
cure container 304, the scrambling key data K^q^, and 
the work key data from the communication module 
162. The decoder 910 then outputs the encrypted 
scrambling key data Kscr and the work key data Kyv to 25 
the encryption/decryption unit 908 of the CA module 31 1 
and receives the decrypted scrambling key data Kscr 
from the encryption/decryption unit 908. The decoder 
910 also decrypts the encrypted secure container 304 
by using the scrambling key data Kscri and then outputs 30 
it to the secure-container selection unit 911 . 
[0825] If the secure container 304 Is sent from the 
service provider 31 0 according to the MPEG2 transport 
stream method, the decoder 910 extracts the scram- 
bling key data Kqcr from the ECM of the TS Packet, and 35 
extracts the work key data from the EMM. 
[0826] The ECM-also contains program attribute In- 
formation of each channel. The EMM also contains 
demonstration contract information of each user (view- 
er). 40 
[0827] The secure-container selection unit 911 filters 
the secure container 304 received from the decoder 91 0 
by using the user favorite filter data 900 received from 
the CA module 311 so as to select the secure container 
1 04 according to the user's favorite, and outputs it to the 
SAM 305-,. 

[0828] The SAM 305^ is discussed In detail below. 
[0829] The functions and the structure of the SAM 
305^ are basically similar to those of the SAM 105^ of 
the first embodiment described with reference to Figs, so 
22 through 72, except that it performs processing for not 
only the content provider 301, but also for the service 
provider 310, such as checking the signatures for the 
service provider 310. 

[0830] The SAMs 305^ through 3054 are modules for ss 
performing accounting for each content and communi- 
cating with the EMD service center 302. 
[0831] The configuration of the user home network 



1 04 shown In Fig. 63 is applicable to the devices within 
the user home network 303. The configurations of the 
rights processing SAM, the medium SAM 133, the AA/ 
compression/decompression SAM 163, and the medi- 
um drive SAM 260 described with reference to Figs. 68 
to 79 are applicable to the SAMs 305^ through 3064 
within the user home network 303. 
[0832] The SAMs 3052 through 3054 basically have 
the same. functions as the SAM 305-,. 
[0833] Details of the functions of the SAM 305., are as 
follows. 

[0834] Fig. 90 is a block diagram illustrating the func- 
tions of the SAM 305-,, and also illustrates the flow of 
data relating to processing for receiving the secure con- 
tainer 304 from the service provider 31 0. 
[0835] The SAM 305., includes, as shown in Fig. 90, 
a mutual authentication unit 170, encryption/decryption 
units 171, 1 72, and 1 73, a download memory manager 
182, an A/V compression/decompression SAM manag- 
er 184, an EMD service center manager 185, a usage 
monitor 186, a SAM manager 190, a storage unit 192, 
a medium SAM manager 197, a work memory 200, a 
service provider manager 580, an accounting processor 
587, a signature processor 589, an external memory 
manager 811, and a CPU 1 1 00. 

[0836] As in the case of the SAM 1 05.j , predetermined 
function of the SAM 305^ shown In Fig. 90 are imple- 
mented by executing the private program by the CPU. 
[0837] In Fig. 90, the same functional blocks as those 
shown in Fig. 30 are designated with like reference nu- 
merals. 

[0838] In the external memory 201 shown in Fig. 88, 
the usage log data 308 and the SAM registration list are 
stored by executing the processing discussed in the first 
embodiment and processing, which is discussed below. 
[0839] In the work memory 200, as shown in Fig. 91 , 
the content key data Kc, the UCP data 1 06, the lock key 
data Kloc of the storage unit 1 92, the public-key certif- 
icate data CERcp of the content provider 301 , the pub- 
lic-key certificate data CERgp of the service provider 
310, the UCS data 166, the SAM program download 
containers SDC^ through SDC3, and the price tag data 
312. 

[0840] Among the functional blocks of the SAM 305^, 
only the functional blocks unique to the second embod- 
iment in Fig. 90 are explained below. 
[0841] The signature processor 589 verifies the sig- 
nature data within the secure container 304 by using the 
public key data K^sq p of the EMD service center 302, 
the public key data Kcp.p oi the content provider 301 , 
and the public key data Ksp,p of the service provider 31 0, 
ail of which are read from the storage unit 192 or the 
work memory 200. 

[0842] When the CPU 1100 receives the internal in- 
terrupt S81 0 from the host CPU 81 0 in accordance with 
the user's operation, as shown in Fig. 92 , the accounting 
processor 587 perfomis accounting processing under 
the control of the CPU 1 1 00 In accordance with the con- 
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tent purchase and usage modes of the content based 
on the price tag data 312 read from the work memory 
200. 

[0843] The price tag data 312, which indicates the 
sales price of the content data to the user, Is output to 5 
the exterior of the SAM 305^ via predetermined output 
means in determining the purchase mode of the content 
data by the user. 

[0844] The accounting processing by the accounting 
processor 587 is executed based on the contents of 
rights, such as the licensing agreement conditions indi- 
cated by the UCP data 1 06, and the DCS data 1 66, un- 
der the monitoring of the usage monitor 1 86. That Is, the 
user is able to purchase and utilize the content within 
the allowances of the rights. 

[0845] In performing the accounting processing, the 
accounting processor 587 creates or updates the usage 
log data 308, and writes it into the external memory 201 
via the external memory manager 811 . 
[0846] The usage log data 308, as well as the usage 
log data 108 used In the first embodiment, is used for 
determining the payment of the license fee for the se- 
cure container 304 by the EMD service center 302. 
[0847] The accounting processor 587 also creates the 
DCS data 166 indicating the purchase and usage 
modes of the content detenmined by the user under the 
control of the CPU 1100, and writes it into the work mem- 
ory 200. 

[0848] The purchase modes of the content include 
"sell through" In which no restriction Is imposed on play- 
back operation by the purchaser and copying for the use 
of the purchaser, "pay per play" in which charging incurs 
every time the content is played back, and so on. 
[0849] The UCS data 1 66 Is created upon determining 
the purchase mode by the user, and is used for control- 
ling the use of the content to make sure that the user 
utilizes the content with In the allowances of rights. In the 
UCS data 166, the content ID, the purchase mode, the 
sell through price, the SAMJD of the SAM which has 
purchased the content, the USERJD of the user who 
has purchased the content, and so on. 
[0850] If the detemnined purchase mode is "pay per 
play", "pay per SCMS", or "pay per copy N without copy 
guard", the SAM 305^ sends the UCS data 166 to the 
service provider 310 in real time, and the service pro- 
vider 31 0 instructs the EMD service center 302 to obtain 
the usage log data 308 from the SAM 305^. 
[0851] If the detennined purchase mode is "sell 
through", the UCS data 166 Is sent to the service pro- 
vider 310 and the EMD service center 302 in real time. 
[0852] In the SAM 305^, as illustrated In Fig. 90, the 
user favorite filter data 900 received from the EMD serv- 
ice center 302 via the EMD service center manager 1 85 
is output to the service provider manager 580. Then, in 
the service provider manager 580, the secure container 
304, which has been received from the decoding mod- 
ule 905 shown in Fig. 89 and filtered based on the user 
favorite filter data 900, is selected, and the selected se- 



cure container 304 is output to the download memory 
manager 1 82. This enables the SAM 305-, to select the 
content data C according to the user's favorite, based 
on the purchase of the content data C, obtained from all 
the service providers 310 which have made a contract 
with the user. 

[0853] The flows of the processes within the SAM 
305^ are as follows. 

Processing to be executed when receiving license key 
data 

[0854] The flow of the process within the SAM 305^ 
for storing the license key data KD^ through KD3 re- 
ceived from the EMD service center 302 in the storage 
unit 192 Is similar to that of the first embodiment dis- 
cussed with reference to Fig. 36. 

Processing to be executed when receiving the secure 
container 304 from the service provider 31 0 

[0855] The flow of the process within the SAM 305^ 
when receiving the secure container 304 from the serv- 
ice provider 310 Is described below with reference to 

Fig. 93. 

[0856] In the following example, in the SAM 305^ , var- 
ious types of signature data are checked when receiving 
the secure container 304. However, the signature data 
may be checked when determining the purchase and 
usage modes rather than when receiving the secure 
container 304. 

[0857] In step. S93-0, the CPU 11 00 of the SAM 306^ 
shown In Fig. 90 receives from the host CPU 810 the 
Intemal Interrupt S810 indicating an instruction to per- 
form processing for receiving the secure container 
[0858] In step S93-1 , the mutual authentication unit 
1 70 of the SAM 305^ shown in Fig. 90 performs mutual 
authentication with the service provider 310. 
[0859] Then, in step S93-2, the mutual authentication 
unit 1 70 of the SAM 305^ conducts mutual authentica- 
tion with the medium SAM 167a of the download mem- 
ory 167. 

[0860] In step 593-3, the secure container 304 re- 
ceived from the sen/ice provider 310 Is written into the 
download memory 1 67. Simultaneously, the secure con- 
tainer 304 is encrypted in the mutual authentication unit 
1 70, and is decrypted In the medium SAM 1 67a by using 
the session key data obtained in step S93-2. 
[0861] In step S93-4, the SAM 305i decodes the se- 
cure container 304 by using the session key data ob- 
tained in step S93-1. 

[0862] Subsequently, In step S93-5, the signature 
processor 589 verifies the signature data SIGgi 
shown in Fig. 84D, and then verifies the Integrity of the 
signature data SlG62,sP' SIGgs sp, and SIG64,sp by us- 
ing the public key data K3P p of the service provider 31 0 
stored in the public-key certificate data CERsr shown 
In Fig. 84D. 
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[0863] When verifying the integrity of the signature 
data S1G62.SP. the integrity of the sender of the content 
file CF is verified. When verifying the integrity of the sig- 
nature data SIGe3 sp, the integrity of the sender of the 
key file KF is verified. When verifying the integrity of the 
signature data SIG64 sp. ^^he Integrity of the creator and 
the sender of the price tag data 31 2 is verified. 
[0864] In step S93-6, the signature processor 589 ver- 
ifies the signature data SIG^ gsc shown in Fig. 84D, and 
then, verifies the signature data SiGg S\Gj by 

using the public key data K^pp of the content provider 
301 stored in the public-key certificate data CER^p 
shown in Fig. 84D. 

[0865] When verifying the integrity of the signature 
data SlGg CP, the integrity of the creator and the sender 
of the content file CF is verified. When verifying the in- 
tegrity of the signature data SIG7 ^p, the sender of the 
key file KF is verified. 

[0866] In step 93-7, the signature processor 589 
checks the signature data SIGki ^sc within the key file 
KF shown in Fig. 84B by using the public key data 
Kgsc.p from the storage unit 1 92 so as to verify the 
integrity of the creator of the key file KF and the official 
registration of the key file KF in the EMD service center 
302. 

[0867] Then, in step S93-8, the encryption/decryption 
unit 1 72 decrypts the content key data Kc, the UCP data 
1 06, and the SAM program download containers SDC^ 
through SDC3 within the key file KF shown In Fig. 84B 
by using the license key data KD^ through KD3 of cor- 
responding periods read from the storage unit 192, and 
writes them into the work memory 200. 
[0868] In step S93-9, the CPU 1100 detemiines 
whether the above-described processing for receiving 
the secure container has been correctly perfonned, and 
reports the corresponding infonnation to the host CPU 
810 through an external interrupt. 
[0869] Alternatively, the CPU 11 00 may set a flag in 
the SAM status register indicating whether the above- 
described processing is suitably perfonned, and the 
host CPiJ 810 may-read the flag by polling. 

Processing for detennininq the purchase mode of 

downloaded secure container 

[0870] The processing for determining the purchase 
mode of the downloaded secure container is basically 
similar to that perfonned by the SAM 105^ of the first 
embodiment described with reference to Fig. 38. Ac- 
cording to this processing, the key file KF^ shown in Fig. 
97C, which is discussed later, is stored in the download 
memory 167 via the work memory 200 and the down- 
load memory manager 1 82. 

Playback processing of content data 

[0871] The playback processing of the content data 
C, for which the purchase mode is determined, stored 



in the download memory 167 is basically similar to the 
processing performed by the SAM 1 05^ of the first em- 
bodiment described with reference to Fig. 40. 

5 Processing to be executed when the DCS data 166 of 
one machine is utilized for re-purchasing the content in 
another machine 

[0872] After determining the purchase mode of the 
10 content file CF downloaded into the download memory 
167 of the network device 360^, as shown In Fig. 94, a 
new secure container 304x storing the content file CF is 
created, and is transferred from the SAM 305^ to the 
SAM 3052 of the AA/ machine 36O2 via the bus 1 9 1 . This 
15 processing in the SAM 305^ is discussed below with ref- 
erence to Figs. 95 and 96. 

[0873] The processing Indicated by the flow chart of 
Fig. 96 is executed, assuming that the key file KF^ and 
the hash value H^i therefor shown in Fig. 97C are stored 

20 in the work memory 200 of the SAM 305^ according to 
the above-described purchase processing. 
[0874] In step S96-1, according to the user's opera- 
tion on the operation unit 1 65 shown in Figs. 88 and 94, 
the interna! interrupt S810 making an instruction to 

25 transfer the secure container, for which the purchase 
mode is determined, to the SAM 3052 output from the 
host CPU 810 to the CPU 1100 shown in Fig. 95. The 
accounting processor 587 updates the usage log data 
308 stored in the external memory 201 according to the 

30 detennined purchase mode under the control of the 
CPU 1100. 

[0875]. In step S96-2, the SAM 305^ checks the SAM 
registration list discussed in the first embodiment so as 
to determine whether the SAM 3052, which receives the 
35 secure container, is officially registered. If so, the SAM 
305-, executes processing of step S96-3. The SAM 305^ 
also determines whether the SAM 3052 is a SAM within 
the user home network 303. 

[0876] Then, in step S96-3, the mutual authentication 
40 unit 1 70 shares the session key data Kqes obtained by 
mutual authentication with the SAM 3052- 
[0877] In step S96-4, the SAM manager 1 90 reads the 
content file CF and the signature data SIGg^p and 
SIG7 CP shown in Fig. 84A from the download memory 
45 211 , and causes the signature processor 189 to create 
the signature data SIG4^ 3;^^^^ by using the private key 
data KsAMi the SAM 305^. 

[0878] In step S96-5, the SAM manager 1 90 reads the 
key file KF and the signature data SIG7 cp and SIGgs sp 
50 shown in Fig. 84B from the download memory 21 1 , and 
causes the signature processor 589 to create the signa- 
ture data SIG42,sAMi using the pnvate key data 
Kqami the SAM 305 1. 

[0879] Thereafter, in step S96-6, the SAM manager 
55 190 creates the secure container 304x shown In Figs. 
97A through 97E. 

[0880] In step S96-7, the encryption/decryption unit 
171 encrypts the secure container 304x shown in Figs. 
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97A through 97E by using the session key data Kses 
obtained in step S96-3. 

[0881] Then, in step S96-8, the SAM manager 190 
outputs the secure container 304x to the SAM 3052 
the AA/ machine 36O2 shown in Fig. 94. In this case, not 5 
only mutual authentication between the SAMs 305^ and 
3062, but also mutual authentication of the bus 191, 
which Is an IEEE-1394 serial bus, is performed. 
[0882] In step S96-9, the CPU 1100 determines 
whether the above-described processing for transfer- 10 
hng the secure container 304x has been correctly per- 
formed, and reports the corresponding information to 
the host CPU 810 through an external interrupt. 
[0883] Alternatively, the CPU 11 00 may set a register 
in the SAM status register indicating whether the above- ^5 
described processing has been precisely performed, 
and the host CPU 810 may read the flag by polling. 
[0884] A description is now given, with reference to 
Figs. 98, 99, and 100, of the flow of the process within 
the SAM 3052 when writing the secure container 304x 20 
shown in Figs. 97A through 97E input from the SAM 
305^ into the recording medium (RAM) 1304, as shown 
in Fig. 94. 

[0885] Figs. 99 and 100 are a flow chart Illustrating 
the above-described processing. The recording medi- 25 
um (RAM) 1304 includes, as shown in Fig. 14, the un- 
secured RAM area 134, the medium SAM 133, and the 
secure RAM area 132. 

[0886] In step S99-0, the CPU 1100 of the SAM 3052 
shown in Fig. 98 receives from the host CPU 810 the 30 
intemal interrupt S810 indicating an instruction to record 
the received secure container, for which the purchase 
mode is determined, on a recording medium. 
[0887] Then , In step S99-1 , the SAM 3052 checks the 
SAM registration list to determine whether the SAM 35 
3051 , which has sent the secure container, is officially 
registered. If so, the SAM 3052 executes step S99-2, 
The SAM SOSg also detemiines whether the SAM 305^ 
is a SAM within the user home network 303. 
[0888] In step S99-2, as the processing correspond- 40 
ing to step S96-3, the SAM 3052 shares the session key 
data KsEs obtained by performing mutual authentication 
with the SAM 305^. 

[0889] Then, in step S99-3, the SAM manager 1 90 of 
the SAM 3052 receives, as shown in Fig. 94, the secure 
container 304x from the SAM 305^ of the network device 
360i. 

[0890] In step S99-4, the encryption/decryption unit 
1 71 decrypts the secure container 304x received via the 
SAM manager 1 90 by using the session key data Kq^q so 
shared in step S99-2. 

[0891] Subsequently, in step S99-5, the content file 
CF within the decrypted secure container 304x under- 
goes processing, such as sectorizing, adding a sector 
header, scrambling, ECC encoding, modulating, and ss 
synchronizing, by the medium drive SAM 260 shown in 
Fig. 94, and is then recorded on the RAM area 134 of 
the recording medium (RAM) I3O4. 



[0892] In step S99-6, the signature data SIGq cp. 
SIG62.SP. 3nd SIG4-1 sAM^ within the secure container 
304x decrypted with the session key data Ksgsi key 
file KF and the signature data SIGy ^p, SIG^ssp, and 
SIG42 SAM1 ' *^®y ^^^^ value H^^ , the 

public key signature data CER3P and signature data 
SIGg^ .ESC' public key signature data CER^p and sig- 
nature data SIGi^3Q, and the public key signature data 
CER3AM1 and signature data SIG22.ESC written into 
the work memory 200. 

[0893] In step S99-7, in the signature processor 589, 
the signature data SIGg^^sc, ^^^i.esc. ^'^22.esc 
read from the work memory 200 is checked by using the 
public key data K^scp read from the storage unit 192 
so as to verify the integrity of the public-key certificate 
data CERgp, CER^p, and CERg^,^!. 
[0894] Then, in the signature processor 589, the in- 
tegrity of the signature data SIGg 's verified by using 
the public key data K^p p stored in the public-key certif- 
icate data CERcp so as to verify the integrity of the cre- 
ator of the content file CF Also in the signature proces- 
sor 589, the integrity of the signature data SIGgg.sp 
verified by using the public key data Kgpp stored in the 
public-key certificate data CERgp so as to verify the in- 
tegrity of the sender of the content file CF. The signature 
processor 589 verifies the integrity of the signature data 
SIG4^ SAM1 by using the public key data Ks^mi.p stored 
in the public-key certificate data CERg;^,^^ so as to verify 
the integrity of the sender of the content file CF 
[0895] In step S99-8, in the signature processor 589, 
the integrity of the signature data SIG7 cp, SIGgs sp, and 
SIG42 

SAM1 Stored in the work memory 200 is verified by 
using the public key data K^pp, K^pp, and Ksami.p 
stored in the public-key certificate data CER^p, CERsp, 
and CERsAMi' respectively. 

[0896] Then, in step S99-9, in the signal processor 
589, the integrity of the signature data S\Gy^^ stored 
in the key file KF shown in Fig. 97B is verified by using 
the public key data K^scp read from the storage unit 
1 92 so as to verify the integrity of the creator of the key 
file KR 

[0897] In step S99-10, the signature processor 589 

checks the integrity of the hash value H^i so as to verify 
the integrity of the creator and the sender of the key file 
KF,. 

[0898] In this embodiment, the creator and the sender 
of the key file KF, are the same. However, if they are 
different, signature data for the creator and signature 
data for the sender are created, and the integrity of both 
signature data is verified in the signal processor 589. 
[0899] In step S99-11, the usage monitor 186 starts 
to control the purchase and usage modes of the content 
data C by using the UCS data 166 stored in the key file 
KF, decrypted In step S99-10. 

[0900] Then, in step S99-12, the user determines the 
purchase mode by operating the operation unit 1 65, and 
the corresponding operation signal SI 65 is output to the 
accounting processor 587. 
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[0901] In step S99-13, the accounting processor 587 
updates the usage log data 308 stored in the external 
memory 201 based on the operation signal SI 65. The 
accounting processor 587 also updates the UCS data 
166 according to the determined purchase mode every s 
time the purchase mode of the content data C is deter- 
mined. 

[0902] Subsequently, in step 899-14, the encryption/ 
decryption unit 173 encrypts the UCS data 166 gener- 
ated in step 899-1 2 by sequentially using the storage io 
key data Kgyp the medium key data K(^ed» purchas- 
er key data Kpi^ read from the storage unit 192, and 
outputs the encrypted UCS data 166 to the medium 
drive SAM manager 865. 

[0903] In step S99-15, the medium drive SAM man- ^5 
ager 855 performs processing, such as sectorizing, add- 
ing a sector header, scrambling, ECC encoding, modu- 
lating, and synchronizing, on the key file KF^ in which 
the new UCS data 166 is stored, and records it on the 
secure RAM area 132 of the recording medium (RAM) 20 
13O4. 

[0904] Thereafter, in step S99-16, the key file KF is 
read from the work memory 200, and is written into the 
secure RAM area 132 of the recording medium (RAM) 
13O4 by the medium drive SAM 260 shown in Fig. 94 via 25 
the medium drive SAM manager 855. 
[0905] In step S99-17, the CPU 1100 detemnines 
whether the above-described processing has been cor- 
rectly performed, and reports the corresponding infor- 
mation to the host CPU 810 through an external inter- 30 
rupt. 

[0906] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described processing has been correctly performed, 
and the host CPU 81 0 may read the flag by polling. 35 
[0907] The processing for determining the purchase 
mode of the content data by a recording medium (ROM) , 
and the processing for writing the content data into a 
recording medium (RAM) after the purchase mode of 
the content data is determined by a recording medium 40 
(ROM) are similar to those performed by the SAM 305-, 
of the first embodiment, except that the signature data 
SIGsp attached by using the private key data Ksp,p by 
the sen^ice provider 310 is checked. 

[0908] A method for implementing the SAM 305^ is ^5 
similar to that of the SAM 105^ of the first embodiment. 
[0909] The configuration of the user home network 
103 discussed in-the first embodiment is applicable to 
the devices employed in the user home network 303, In 
this case, the configurations of the first embodiment dis- so 
cussed with reference to Figs. 64 through 79 are appli- 
cable to the circuit modules of the SAM 305^, the AA/ 
compression/decompression SAM 163, the medium 
drive SAM 260, and the medium SAM 133. 
[0910] Similarly, the security functions described with ss 
reference to Fig. 62 are applicable to those of the EMD 
system 300, except for the content provider 101 is sub- 
stituted with the service provider 310. 



[091 1 ] The connection models of the various devices 
in the user home network 303 are as follows. 
[0912] Fig. 1 01 illustrates an example of the connec- 
tion models of the devices in the user home network 
303. 

[0913] Asshownin Fig. 101, the network device 360.,, 
and the AA/ machines 36O2 and 36O3 in the user home 
network 303 are connected to each other via the lEEE- 
1394 serial bus 191 . 

[0914] The network device 360., includes the external 
memory 201 , the SAM 3051 , the CA module 31 1 , the A/ 
V compression/decompression SAM 163, and the 
download memory 1 67. 

[0915] The CA module 311 communicates with the 
service provider 31 0 via a network, such as a public line. 
The SAM 305^ communicates with the EMD service 
center 302 via a network, such as a public line. As the 
download memory 1 67, a Memory Stick provided with 
the medium SAM 167a or a hard disk drive (HDD) may 
be used. The download memory 1 67 stores the secure 
container 304 downloaded from the service provider 
310. 

[0916] Each device integrates a plurality of AA/ com- 
pression/decompression SAMs 163 compatible with 
various compression/decompression methods, such as 
ATRAC3 and MPEG. 

[091 7] The SAM 305^ Is able to communicate with the 
contact-type or non-contact-type IC card 1141. The IC 
card 1141 stores various types of data, such as a user 
ID, and is used for performing user authentication in the 
SAM 305 V 

[0918] The A/V machine 36O2 is, for example, a stor- 
age device, and after performing predetennined 
processing between the SAMs 305., and 3053, the se- 
cure container received from the network device 3601 
via the IEEE-1394 serial bus 191 is recorded on the re- 
cording medium 130. 

[0919] Likewise, the A/V machine 36O3 is, for exam- 
ple, a storage device, and after perfonning predeter- 
mined processing between the SAMs 3063 and 3063, 
the secure container received from the /W machine 
36O2 via the IEEE-1394 serial bus 191 is recorded on 
the recording medium 130. 

[0920] In the example shown in Fig. 1 01 , the medium 

SAM 133 is loaded on the recording medium 130. How- 
ever, if the medium SAM 1 33 is not provided for the re- 
cording medium 130, mutual authentication between 
the SAMs 3052 ^^^3 performed by using the me- 
dium drive SAM 260 indicated by a one-dot chain rec- 
tangle in Fig. 101 . 

[0921] The overall operation of the EMD system 300 
shown in Fig. 82 is described below with reference to 
Figs. 102 and 103. 

[0922] In this case, the secure container 304 is sent 
online from the service provider 310 to the user home 
network 303 by way of example. The processing shown 
in Figs. 102 and 103 is executed, assuming that the reg- 
istration of the content provider 301 , the service provider 
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31 0, and the SAMs 305-, through 3054 in the EMD serv- 
ice center 302 is completed. 

[0923] Referring to Fig. 102, in step S21, the EMD 
service center 302 sends to the content provider 301 the 
public key certificate C ER^p of the public key data K^pp 
of the content provider 301 together with the signature 
data SlGi 

ESC ElVID service center 302. 
[0924] The EMD service center 302 also sends to the 
service provider 31 0 the public key certificate CERsp of 
the public key data Kgp p of the service provider 31 0 to- 
gether with the signature data SIGqi esc ^MD 
service center 302. 

[0925] The EMD service center 302 also sends the 
license key data KD^ through KD3 for three months, 
each having a one-month effective period, to the SAMs 
305^ through 3064 of the user home network 303. 
[0926] In step 522, after performing mutual authenti- 
cation, the content provider 301 authorizes the UCP da- 
ta 1 06 and the content key data Kc by registering them 
in the EMD service center 302. The EMD service center 
302 creates the key file KF for six months shown in Fig. 
3B, and sends it to the content provider 301 . 
[0927]^ Then, in step S23, the content provider 301 
creates the content file CF and the signature data 
QP shown in Fig. 3A, and the key file KF and the 
signature data SIG7 cr shown in Fig. 3B, and provides 
the secure container 104 in which the above-described 
files and signature data, and the public-key certificate 
data CERcp and the signature data SIG^ ^sc stored 
to the service provider 310 online and/or offline. 
[0928] In step S24, after checking the signature data 
SIG^ ESC shown in Fig. 3C, the service provlder310 ver- 
ifies the integrity of the signature data SlGg.cp and 
S IG^ CP shown in Figs. 3A and 3B, respectively, by using 
the public key data K^pp stored in the public-key certif- 
icate data CERqp, thereby verifying that the secure con- 
tainer 1 04 has been sent from the legal content provider 
301. 

[0929] Subsequently, in step S25, the service provid- 
er 31 0 creates the price tag data 31 2 and the signature 
data SlGg4 3p so as to generate the secure container 
304 shown in Fig. 87 in which the above-described data 
is stored. 

[0930] In step S26, the service provider 310 authoriz- 
es the price tag data 312 by registering it in the EMD 
service center 302. 

[0931] In step S27, the service provider 31 0 sends the 
secure container 304 created in step S25 to the decodr 
ing module 905 of the network device 360^ shown in Fig. 
89 online or offline in response to, for example, a request 
from the CA module 31 1 of the user home network 303. 
[0932] Then, In step S28, the CA module 311 creates 
the SP purchase log data 309 and appropriately sends 
it to the service provider 310. 

[0933] Referring to Fig. 103, in step S29, after verify- 
ing the Integrity of the signature data SlGg^ ^sc shown 
in Fig. 84D, one of the SAMs 305^ through 3064 verifies 
the integrity of the signature data SIG62.SP' S'^63.sp» 



and SIG64,sp shown in Figs. 84A, 84B, and 84C, respec- 
tively, by using the public key data Kspp stored in the 
public-key certificate data CERsp, thereby determining 
whether the predetermined data within the secure con- 
5 tainer 304 has been created and sent by the legal serv- 
ice provider 310. 

[0934] Thereafter, in step 330, after verifying the in- 
tegrity of the signature data SIG^ ESC shown In Fig.84D, 
one of the SAMs 305^ through 3054 verifies the integrity 

10 of the signature data SIGg cp and SIG7 Qp shown in 
Figs. 84A and 84B, respectively, by using the public key 
data Kqpp stored in the public-key certificate data CER- 
cp thereby determining whether the content file CF with- 
in the secure container 304 has been created by the le- 

is gal content provider 301 , and whether the key file KF 
has been sent from the legal content provider 301 . 
[0935] Additionally, one of the SAMs 305., through 
3O64 verifies the integrity of the signature data 
SIGK1 ESC within the key file KF shown in Fig. 848 by 

20 using the public key data Kesc.P' thereby determining 
whether the key file KF has been created by the legal 
EMD service center 302. 

[0936] In step 831 , the user detemriines the purchase 
and usage modes of the content by operating the oper- 

25 ation unit 165 shown in Fig. 88. 

[0937] In step 832. in the SAMs 305^ through 3054, 
the usage log data 308 of the secure container 304 Is 
generated based on the internal interrupt 3810 output 
from the host CPU 810 to the SAMs 305^ through 3054 

30 in step S31 . 

[0938] The usage log data 308 and the signature data 
S1G205,SAM1 QJ"® sent from the SAMs 305^ through 3054 
to the EMD service center 302. The DCS data 166 Is 
also sent from the SAMs 305^ through 3054 to the EMD 

35 service center 302 in real time every time the purchase 
mode is determined. 

[0939] In step S33, the EMD service center 302 de- 
termines (calculates) the accounting content for each of 
the content provider 301 and the service provider 310 
40 based on the usage log data 308, and creates the set- 
tiement request data 152c and 152s based on the ac- 
counting content. 

[0940] Subsequently, in step S34, the EMD service 
center 302 sends the settlement request data 1 52c and 

45 152s together with signature data of the EMD service 
center 302 to the settlement organization 91 via the pay- 
ment gateway 90. Accordingly, the payment made by 
the user of the user home networi< 303 is distributed to 
the content provider 301 , the content rights holders, the 

50 service provider 310, and the service-provider rights 
holders. 

[0941] As described above, in the EMD system 300, 
the secure container 1 04 shown In Figs. 3A through 3C 
is distributed from the content provider 301 to the serv- 
55 Ice provider 31 0, and the secure container 304 in which 
the content file CF and the key file KFof the secure con- 
tainer 104 are stored is sent from the service provider 
31 0 to the user home network 303. The processing for 
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the key file KF is executed in the SAMs 305^ through 
3064. 

[0942] The content key data Kc and the UCP data 1 06 
stored in the key file KF are encrypted with the license 
key data KD^ through KD3, and is decrypted only in the s 
SAMs 305^ through SOS^ which hold the license key da- 
ta KDi through KD3. The SAMs 305^ through 3064 are 
tamper-resistant nnodules, which determine the pur- 
chase and usage modes of the content data C based on 
the handling policy of the content data C described in 10 
the UCP data 106. 

[0943] Consequently, according to the EMD system 
300, the content data C in the user home network 303 
can be reliably purchased and utilized based on the 
UCP data 1 06 created by the content provider 301 or a '5 
content-provider related organization, independent of 
the processing in the service provider 310. That is, in 
the EMD system 300, the UCP data 1 06 cannot be man- 
aged by the service provider 310. 

[0944] Thus, in the EMD system 300, even when the 20 
content data C is distributed to the user home network 

303 via a plurality of different service providers 310, 
rights processing for the content data C in the SAM of 
the user home network 303 can be performed based on 
the common UCP data 1 06 created by the content pro- 25 
vider301 or the content-provider related organization. 
[0945] In the EMD system 300, the files and data with- 
in the secure containers 1 04 and 304 are provided with 
signature data, which verifies the creators and the send- 
ers of the files and data.- It is thus possible for the service 30 
provider 31 0 and the SAMs 305-| through 3054 to check 
the integrity of the files and data, and the integrity of the 
creators and the senders thereof, thereby effectively 
preventing the illegal use of the content data C. 

[0946] In the EMD system 300, the secure container 35 

304 Is used for distributing the content data C from the 
service provider 310 to the user home network 303 re- 
gardless of whether It Is sent online or offline. This en- 
ables the SAMs 105i through 1064 of the user home 
network 303 to perform the same rights processing re- 40 
gardless of whether the secure container 304 is sent on- 
line or offline. 

[0947] In purchasing, utilizing, recording, and trans- 
ferring the content data C in the network device 360^ 
and the A/V machines 36O2 through 36O4 within the user 45 
home network 303, processing Is always executed 
based on the UCP data 106. Thus, rights processing 
rules in common to the whole user home networi< 303 
can be established. 

[0948] For example, as shown in Fig. 1 04, the content so 
data C provided from the content provider 301 may be 
distributed from the service provider 310 to the user 
home network 303 by any method (path), such as pack- 
age distribution, a digital broadcast, the Internet, a ded- 
icated line, a digital radio, or a mobile communication. 55 
Even if any one of the above-described methods is 
used, the common rights processing rules can be em- 
ployed in SAMs in the user home networks 303 and 



303a based on the UCP data 106 created by the content 
provider 301 . 

[0949] According to the EMD system 300, the EMD 
service center 302 has an authentication function, a key- 
data management function, and a rights processing 
(profits distribution) function. Thus, the payment made 
by the user Is reliably distributed to the content provider 
301 and the EMD service center 302 according to pre- 
determined ratios. 

[0950] Also, the UCP data 106 of the same content 
file CF supplied from the same content provider 301 is 
supplied to the SAMs 305^ through 3064, Independent 
of the services of the service provider 31 0. Accordingly, 
the content file CF can be utilized in the SAMs 305^ 
through 3064 based on the UCP data 106 at the discre- 
tion of the content provider 301 . 

[0951] That is, according to the EMD system 300, in 
providing services of the content or utilizing the content 
by the user, the rights and profits of the content provider 
301 can be reliably protected according to technical 
means without depending on an auditor organization 
725, which is conventionally required. 
[0952] The distribution protocols for, for example, the 
secure container, employed in the EMD system 300 of 
the second embodiment are as follows. 
[0953] The secure container 1 04 created in the con- 
tent provider 301 is distributed to the service provider 
310, as shown in Fig. 105, by using content-provider dis- 
tribution protocols, such as the Internet (TCP/IP) or a 
dedicated line (ATM Cell). 

[0954] The service provider 310 then distributes the 
secure container 1 04 created from the secure container 
1 04 to the user home network 303 by using service-pro- 
vider distribution protocols, such as a digital broadcast 
(XML/SMIL on MPEG-TS) the internet (XMUSMIL on 
TCP/IP), or package distribution (recording medium). 
[0955] Within the user home network 303 or 303a, or 
between the user home networks 303 and 303a, or be- 
tween the SAMs, the secure container is transferred by 
using a home electric commerce (EC)/distribution serv- 
ices (XMLySMIL on a 1394-serial bus interface) or a re- 
cording medium. 

[0956] While the present invention has been de- 
scribed with reference to what are presently considered 
to be the preferred embodiments, it is to be understood 
that the invention is not limited to the disclosed embod- 
iments. 

[0957] For example, although In the foregoing embod- 
iments the key file KF is created in the EMD service cent- 
er 1 02 or 302, it may be created in the content provider 

101 or 301. 

[0958] As Is seen from the foregoing description, the 
data processing apparatus of the present Invention of- 
fers the following advantages. Rights processing for the 
content data can be performed based on UCP data in- 
dicating the handling of the content data in a secure en- 
vironment. As a result, if the UCP data Is created by a 
content provider, profits of the content data can be sutt- 
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ably protected, and also, a load for monitoring by the 
content provider can be reduced. 
[0959] In so far as the embodiments of the invention 
described above are implemented, at least in part, using 
software-controlled data processing apparatus, it will be 
appreciated that a computer program providing such 
software control and a storage medium by which such 
a computer program is stored are envisaged as aspects 
of the present invention. 



Claims 

1. A data processing apparatus for perfonning rights 
processing of content data encrypted with content 
key data based on usage control policy data, and 
for decrypting the encrypted content key data, said 
data processing apparatus comprising within a 
tamper-resistant circuit module: 

a first bus; 

an arithmetic processing circuit connected to 
said first bus, for performing the rights process- 
ing of thecontent data based on the usage con- 
trol policy data; 

a storage circuit connected to said first bus; 
a second bus; 

a first interface circuit interposed between said 
first bus and said second bus; 
an encryption processing circuit connected to 
said second bus, for decrypting the content key 

data; and 

an external bus interface circuit connected to 
said second bus. 

2. A data processing apparatus according to claim 1 , 
further comprising a second interface circuit within 
said tamper-resistant circuit module, wherein said 
first bus comprises a third bus connected to said 
arithmetic processing circuit and said storage cir- 
cuit, and a fourth bus connected to said first inter- 
face circuit, and said second interface circuit Is in- 
terposed between said third bus and said fourth 
bus. 

3. A data processing apparatus according to claim 2, 
further comprising within said tamper-resistant cir^ 
cuit module: 

a fifth bus; 

a third interface circuit connected to said fifth 
bus, for performing communication with a data 
processing circuit having an authentication 
function which is loaded on one of a recording 
medium and an integrated circuit card; and 
a fourth interface circuit interposed between 
said fourth bus and said fifth bus. 



4. A data processing apparatus according to claim 1 , 
wherein said encryption processing circuit compris- 
es a public-key encryption circuit and a common- 
key encryption circuit. 

5 

5. A data processing apparatus according to claim 4, 
wherein: 

said storage circuit stores private key data of 

10 said data processing apparatus and public key 

data of a second data processing apparatus; 
said public-key encryption circuit verifies the in- 
tegrity of signature data, which verifies the in- 
tegrity of the content data, the content key data, 

IS and the usage control policy data, by using the 

corresponding public key data, and when re- 
cording the content data, the content key data, 
and the usage control policy data on a record- 
ing medium or when sending them to said sec- 

20 ond data processing apparatus, said public-key 

encryption circuit creates signature data, which 
verifies the integrity of the content data, the 
content key data, and the usage control policy 
data, by using the private key data; and 

25 said common-key encryption circuit decrypts 

the content key data, and when sending the 
content data, the content key data, and the us- 
age control policy data to said second data 
processing apparatus online, said common- 

30 key encryption circuit encrypts and decrypts the 

content data, the content key data, and the us- 
age control policy data by using session key da- 
ta obtained Ipy performing mutual authentica- 
tion with said second data processing appara- 

35 tUS, 

6. A data processing apparatus according to claim 5, 
further comprising a hash-value generating circuit 
within said tamper-resistant circuit module, for gen- 

40 erating hash values of the content data, the content 
key data and the usage control policy data, wherein 
said public-key encryption circuit verifies the integ- 
rity of the signature data and creates the signature 
data by using the hash values. 

45 

7. A data processing apparatus according to claim 1 , 
further comprising a random-number generating 
circuit within said tamper-resistant circuit module, 
said random-number generating circuit being con- 

50 nected to said second bus, for generating a random 
number for performing mutual authentication with 
said second data processing apparatus when send- 
ing the content data, the content key data, and the 
usage control policy data to said second data 

55 processing apparatus onlirie. 

8. A data processing apparatus according to claim 1 , 
wherein said external bus interface circuit is con- 
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nected to an external storage circuit for storing at 
least one of the content data, the content key data, 
and the usage control policy data. 

9. A data processing apparatus according to claim 8, 
further comprising a storage-circuit control circuit 
for controlling access to said storage circuit and ac- 
cess to said external storage circuit via said external 
bus interface circuit in accordance with a command 
from said arithmetic processing circuit. 

10. A data processing apparatus according to claim 1 . 
wherein said extemal bus interface circuit is con- 
nected to a host arithmetic processing apparatus for 
centrally controlling a system on which said data 
processing apparatus is loaded. 

11. A data processing apparatus according to claim 8, 
further comprising a storage management circuit for 
managing an address space of said storage circuit 
and an address space of said external storage cir- 
cuit. 

12. A data processing apparatus according to claim 1 , 
wherein said arithmetic processing circuit deter- 
mines at least one of a purchase mode and a usage 
mode of the content data based on a handling policy 
indicated by the usage control policy data, and cre- 
ates log data indicating a result of the determined 
mode. 

13. A data processing apparatus according to claim 1 2, 
wherein , after determining the purchase mode, said 
arithmetic processing circuit creates usage control 
status data in accordance with the determined pur- 
chase mode, and controls the use of the content da- 
ta based on the usage control status data. 

14. A data processing apparatus according to claim 4, 
wherein, In recording the content data, for which the 
purchase mode is determined, on a recording me- 
dium, said common-key encryption circuit encrypts 
the content key data and the usage control status 
data by using medium key data corresponding to 
said recording medium. 

15. A data processing apparatus according to claim 4, 
wherein, when the content key data is encrypted 
with license key data having an effective period, 
said storage circuit stores the license key data, said 
data processing apparatus further comprises a real 
time clock for generating real time, said arithmetic 
processing circuit reads the effective license, key 
data from said storage circuit based on the real tinne 
Indicated by said real time clock, and said common- 
key encryption circuit decrypts the content key data 
by using the read license key data. 



16. A data processing apparatus according to claim 1 , 
wherein said storage circuit writes and erases data 
in units of blocks, and said data processing appa- 
ratus comprises within said tamper-resistant circuit 
5 module, a write-lock control clrcultforcontrollingthe 

writing and erasing of the data Into and from said 
storage circuit in units of blocks under the control of 
said arithmetic processing circuit. 

10 17, A data processing apparatus for performing rights 
processing of content data encrypted with content 
key data based on usage control policy data, and 
for decrypting the encrypted content key data, said 
data processing apparatus comprising within a 

IS tamper-resistant circuit module: 

a first bus; 

an arithmetic processing circuit connected to 
said first bus, for performing the rights process- 
20 ing of the content data based on the usage con- 

trol policy data; 

a storage circuit connected to said first bus; 
a second bus; 

an interface circuit Interposed between said 
25 first bus and said second bus; 

an encryption processing circuit connected to 
said second bus, for decrypting the content key 
data; and 

an external bus interface circuit connected to 
30 said second bus, 

wherein, upon receiving an interrupt from an 
external circuit via said external bus interface 
circuit, said arithmetic processing circuit be- 
comes a slave for said extemal circuit so as to 
35 perform processing designated by the interrupt, 

and reports a result of the processing to said 
external circuit. 

1 8. A data processing apparatus according to claim 1 7, 
40 wherein said arithmetic processing circuit reports 

the result of the processing by outputting an inter- 
rupt to said external circuit. 

1 9. A data processing apparatus according to claim 1 7, 
45 wherein said external bus interface comprises a 

common memory for said arithmetic processing cir- 
cuit and said extemal circuit, and said arithmetic 
processing circuit writes the result of the processing 
Into said common memory, and said external circuit 
50 obtains the result of the processing by polling. 

20. A data processing apparatus according to claim 1 9, 
wherein said external bus interface comprises: 

55 a first status register Indicating an execution 

status of the processing requested from said 
external circuit In said arithmetic processing cir- 
cuit, and including a flag set by said arithmetic 
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processing circuit and read by said external cir- 
cuit; 

a second status register Indicating whether said 
external circuit has requested said arithmetic 
processing circuit to perform processing, and s 
including a flag set by said external circuit and 
read by said arithmetic processing circuit; and 
said common memory for storing a result of the 
processing. 

10 

21 . A data processing apparatus according to claim 1 8, 
wherein said storage circuit stores an interrupt pro- 
gram describing the processing designated by the 
interrupt, and said arithmetic processing circuit per- 
fomns the processing by executing the interrupt pro- ^5 
gram read from said storage circuit. 

22. A data processing apparatus according to claim 21 , 
wherein said storage circuit stores a plurality of said 
interrupt programs, and a plurality of sub-routines 20 
to be read when executing the interrupt program, 
and said arithmetic processing circuit appropriately 
reads and executes the sub-routines from said stor- 
age circuit when executing the Interrupt program 
read from said storage circuit. 25 

23. A data processing system comprising: 

an arithmetic processing apparatus, for execut- 
ing a predetermined program and for outputting 30 
an interrupt according to a predetermined con- 
dition by serving as a master; and 
a data processing apparatus, for performing 
predetennlned processing In response to the 
Interrupt from said arithmetic processing appa- 35 
ratus by serving as a slave for said arithmetic 
processing apparatus, and for reporting a result 
of the processing to said arithmetic processing 
apparatus, said data processing apparatus 
comprising within a tamper-resistant circuit 
module: 

determining means for determining at least one 
of a purchase mode and a usage mode of con- . 
tent data based on a handling policy indicated 
by usage control policy data; 45 
log data generating means for generating log 
data Indicating a result of the determined mode; 
and 

decrypting means for decrypting the content 
key data. so 

24. A data processing system according to claim 23, 
wherein, upon receiving the interrupt indicating an 
interrupt type, said arithmetic processing apparatus 
outputs to said data processing apparatus an inter- ss 
rupt indicating an instruction to execute an interrupt 
routine corresponding to the Interrupt type, and said 
data processing apparatus executes the interrupt 



routine corresponding to the Interrupt type of the in- 
terrupt received from said arithmetic processing ap- 
paratus. 

25. A data processing system according to claim 23, 
wherein said data processing apparatus reports a 
result of the processing by outputting an interrupt to 
said arithmetic processing apparatus. 

26. A data processing system according to claim 23, 
wherein said data processing apparatus comprises 
a common memory which is accessible by said data 
processing apparatus and said arithmetic process- 
ing apparatus, and said arithmetic processing ap- 
paratus obtains the result of the processing by ac- 
cessing said common memory through polling. 

27. A data processing system according to claim 26, 
wherein said data processing apparatus comprises 
a first status register indicating an execution status 
of the processing requested from said arithmetic 
processing apparatus, and including a flag read by 
said arithmetic processing apparatus; 

a second status register indicating whethersaid 
arithmetic processing apparatus has requested 
said data processing apparatus to periderm 
processing by the interrupt, and including a flag 
set by said arithmetic processing apparatus; 
and 

said common memory for storing a result of the 
processing. 

28. A data processing system according to claim 23, 
further comprising a bus for connecting said arith- 
metic processing apparatus and said data process- 
ing apparatus. 

29. A data processing system according to claim 24, 
wherein said data processing apparatus enters a 
low power state after completing the execution of 
one of an initial program and the Interrupt routine. 

30. A data processing system according to claim 24, 
whei'ein, based on the interrupt received from said 
arithmetic processing apparatus, said data 
processing apparatus executes the interrupt routine 
in accordance with at least one of processing for 
determining one of the purchase mode and the us- 
age mode of the content data, processing for repro- 
ducing the content data, and processing for down- 
loading the data from a certifying authority. 

31. A data processing system according to claim 23, 
wherein said arithmetic processing apparatus exe- 
cutes a predetermined user program. 

32. A data processing system In which content data 
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provided by a data providing apparatus is received 
from a data distribution apparatus, and is managed 
by a management apparatus, said data processing 
system comprising: 

5 

a first processing module for receiving from 
said data distribution apparatus a module in 
which content data encrypted with content key 
data, the encrypted content key data, usage 
control policy data indicating a handling policy io 



of the content data, and price data for the con- 
tent data detennined by said data distribution 
apparatus are stored, and for decrypting the re- 
ceived module by using common key data, and 
for perfomning accounting processing for a dis- 
tribution service of the module by said data dis- 
tribution apparatus; 

an arithmetic processing apparatus for execut- 
ing a predetennined program and for outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; and 
a data processing apparatus for performing 
predetennined processing in response to the 
interrupt from said arithmetic processing appa- 
ratus by serving as a slave for said arithmetic 
processing apparatus, and for reporting a result 
of the processing to said arithmetic processing 
apparatus, said data processing apparatus 
comprising within a tamper-resistant circuit 
module: 

determining means for determining at least 
one of a purchase mode and a usage mode 
of the content data based on the handling 
policy Indicated by the usage control policy 
data stored in the received module; 
log data generating means for generating 
log data indicating a result of the deter- 
mined mode; 

output means for outputting the price data 
and the log data to said management ap- 
paratus when the purchase mode of the 
content data is determined; and 
decrypting means for decrypting the con- 
tent key data. 

33. A data processing system comprising: 



reporting a result of the processing to said arith- 
metic processing apparatus; and 
a second tamper-resistant data processing ap- 
paratus for decrypting the content data by using 
the content key data obtained by performing 
mutual authentication with said first tamper-re- 
sistant data processing apparatus and for com- 
pressing or decompressing the content data in 
response to the interrupt from said arithmetic 
processing apparatus or said first tamper-re- 
sistant data processing apparatus by serving 
as a slave for said arithmetic processing appa- 
ratus or said first tamper-resistant data 
processing apparatus. 

15 

34. A data processing system according to claim 33, 
further comprising a bus for connecting said arith- 
metic processing apparatus, said first tamper-re- 
sistant data processing apparatus, and said second 
tamper-resistant data processing apparatus. 

35. A data processing system comprising: 

an arithmetic processing apparatus for execut- 
ing a predetermined program and for outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; 
a first tamper-resistant data processing appa- 
ratus for performing rights processing of con- 
tent data encrypted with content key data in re- 
sponse to the interrupt from said arithmetic 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus, and for 
reporting a result of the processing to said arith- 
metic processing apparatus; and 
a second tamper-resistant data processing ap- 
paratus for perfomriing mutual authentication 
with said arithmetic processing apparatus and 
for reading and writing the content data from 
and into a recording medium in response to the 
interrupt output from said arithmetic processing 
apparatus. 

36. A data processing system according to claim 35, 
wherein said second tamper- resistant processing 
apparatus decrypts and encrypts the content data 
by using medium key data corresponding to said re- 
cording medium. 

37. A data processing system according to claim 35, 
wherein, when said recording medium is provided 
with a processing circuit having a mutual authenti- 
cation function, said second tamper-resistant 
processing apparatus perfomns mutual authentica- 
tion with said processing circuit. 

38. A data processing system comprising: 



an arithmetic processing apparatus for execut- 
ing a predetennined program and for outputting so 
an interrupt according to a predetermined con- 
dition by serving as a master; 
a first tamper-resistant data processing appa- 
ratus for perfonning rights processing of con- 
tent data encrypted with content key data in re- ss 
sponse to the interrupt from said arithmetic 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus, and for 
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an arithmetic processing apparatus for execut- 
ing a predetennined program and for outputting 
an interrupt according to a predetemiined con- 
dition by serving as a master; 
a first tamper- resistant data processing appa- 5 
ratus for performing mutual authentication with 
said arithmetic processing apparatus and for 
reading and writing content data from and into 
a recording medium in response to the interrupt 
from said arithmetic processing apparatus; and io 
a second tamper-resistant data processing ap- 
paratus for decrypting the content data by using 
content key data and for compressing or de- 
compressing tlie content data in response to 
the interrupt from said arithmetic processing is 
apparatus by serving as a slave for said arith- 
metic processing apparatus. 



39. A data processing system according to claim 38, 
further comprising a storage circuit for temporarily 20 
storing the content data read from said recording 
medium by said first tamper-resistant data process- 
ing apparatus, and for outputting the stored content 
data to said second tamper-resistant data process- 
ing apparatus. 25 

40. A data processing system according to claim 39, 
wherein said storage circuit utilizes part of a storage 
area of an anti-vibration storage circuit. 

30 

41. A data processing system according to claim 38, 
further comprising a third tamper-resistant data 
processing apparatus for performing rights 
processing of the content data encrypted with the 
content key data In response to the interrupt from 55 
said arithmetic processing apparatus by serving as 

a slave for said arithmetic processing apparatus, 
and for reporting a result of the processing to said 
arithmetic processing apparatus. 

40 

42. A data processing method using an arithmetic 
processing apparatus and a data processing appa- 
ratus, said data processing method comprising the 
steps of: 

45 

executing, in said arithmetic processing appa- 
ratus, a predetennined program and outputting 
an Interrupt according to a predetennined con- 
dition by serving as a master, and 
determining, in said data processing appara- so 
tus, at least one of a purchase mode and a us- 
age mode of content data based on a handling 
policy of usage control policy data, creating log 
data indicating a result of the determined mode, 
and decrypting content key data, within a ss 
tamper-resistant circuit module in response to 
the interrupt, from said arithmetic processing 
apparatus by serving as a slave for said arith- 



metic processing apparatus. 

43. A data processing method according to claim 42, 
wherein, upon receiving the intermpt indicating an 
interrupt type, said arithmetic processing apparatus 
outputs to said data processing apparatus an inter- 
rupt indicating an instruction to execute an interrupt 
routine corresponding to the interrupt type, and said 
data processing apparatus executes the interrupt 
routine corresponding to the processing designated 
by the inten'upt received from said arithmetic 
processing apparatus. 

44. A data processing method according to claim 42, 
wherein said data processing apparatus reports the 
result of the processing by outputting an interrupt to 
said arithmetic processing apparatus. 

45. A data processing method according to claim 42, 
wherein said data processing apparatus comprises 
a common memory which is accessible by said data 
processing apparatus and said arithmetic process- 
ing apparatus, and said arithmetic processing ap- 
paratus obtains the result of the processing by ac- 
cessing said common memory through polling. 

46. A data processing method according to claim 45, 
wherein: 

said data processing apparatus sets a flag in a 
first status register indicating an execution sta- 
tus of the processing requested by the interrupt 
from said arithmetic processing apparatus; 
said arithmetic processing apparatus reads the 
execution status of the processing of said data 
processing apparatus from the flag in said first 
status register; 

said arithmetic processing apparatus sets a 
flag in a second status register indicating 
whether said arithmetic processing apparatus 
has requested said data processing apparatus 
to perform the processing through the interrupt; 
and 

said data processing apparatus detennines 
whether said arithmetic processing apparatus 
has requested said data processing apparatus 
to perfomn the processing from the flag in said 
second status register 

47. A data processing method according to claim 42, 
wherein said data processing apparatus enters a 
low power state upon completion of the execution 
of one of an initial program and the interrupt routine. 

48. A data processing method according to claim 42, 
wherein, based on the interrupt received from said 
arithmetic processing apparatus, said data 
processing apparatus executes the interrupt routine 
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in accordance with at least one of processing for 
determining one of the purchase mode and the us- 
age mode of the content data, processing for repro- 
ducing the content data, and processing for down- 
loading the data from a certifying authority. 5 

49. A data processing method according to claim 42, 
wherein said arithmetic processing apparatus exe- 
cutes a predetermined user program. 

10 

50. A data processing method using an arithmetic 
processing apparatus, a first data processing appa- 
ratus, and a second data processing apparatus, 
said data processing method comprising the steps 

of: 15 



51. A data processing method using an arithmetic 
processing apparatus, a first data processing appa- 
ratus, and a second data processing apparatus, 
said data processing method comprising the steps 45 
of: 



processing to said arithmetic processing appa- 
ratus; and 

performing, in said second data processing ap- 
paratus, mutual authentication with said arith- 
metic processing apparatus, and reading and 
writing the content data from and into a record- 
ing medium within a tamper-resistant module 
in response to the Interrupt from said arithmetic 
processing apparatus. 

52. A data processing method according to claim 51 , 
wherein said second data processing apparatus de- 
crypts and encrypts the content data by using me- 
dium key data corresponding to said recording me- 
dium. 

53. A data processing method according to claim 51 , 
wherein, when said recording medium Is provided 
with a processing circuit having a mutual authenti- 
cation function, said second data processing appa- 
ratus performs mutual authentication with said 
processing circuit. 

54. A data processing method using an arithmetic 
processing apparatus, a first data processing appa- 
ratus, and a second data processing apparatus, 
said data processing method comprising the steps 
of: 

executing, In said arithmetic processing appa- 
ratus, a predetemrilned program and outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; 
performing. In said first data processing appa- 
ratus, mutual authentication with said arithme- 
tic processing apparatus, and reading and writ- 
ing content data from and into a recording me- 
dium within a tamper- resistant module In re- 
sponse to the interrupt from said arithmetic 
processing apparatus; and 
decrypting, in said second data processing ap- 
paratus, the content data by using content key 
data and compressing or decompressing the 
content data within a tamper-resistant module 
in response to the interrupt from said arithmetic 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus. 

55. A data processing method according to claim 54, 
wherein the content data read from said recording 
medium by said first data processing apparatus is 
temporarily stored in a storage circuit, and the con- 
tent data read from said storage circuit is output to 
said second data processing apparatus. 

56. A data processing method according to claim 55, 
wherein said storage circuit utilizes part of a storage 
area of an antl-vlbration storage circuit. 



executing, in said arithmetic processing appa- 
ratus, a predetemnined program and outputting 
an interrupt according to a predetermined con- so 
dition by serving as a master; 
performing, In said first data processing appa- 
ratus, rights processing of content data en- 
crypted with content key data within a tamper- 
resistant module in response to the interrupt ss 
from said arithmetic processing apparatus by 
serving as a slave for said arithmetic process- 
ing apparatus, and reporting a result of the 



executing, in said arithmetic processing appa- 
ratus, a predetennined program and outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; 20 
performing, in said first data processing appa- 
ratus, rights processing of content data en- 
crypted with content key data within a tamper- 
resistant module In response to the interrupt 
from said arithmetic processing apparatus by 25 
serving as a slave for said arithmetic process- 
ing apparatus, and reporting a result of the 
processing to said arithmetic processing appa- 
ratus; and 

decrypting. In said second data processing ap- 3o 
paratus, the content data by using the content 
key data obtained by performing mutual au- 
thentication with said first data processing ap- 
paratus and compressing or decompressing 
the content data with In a tamper-resistant mod- 35 
ule in response to the interrupt from said arith- 
metic processing apparatus or said first data 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus or said 
first data processing apparatus. 40 
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